Yet another Google redirected victim

12 replies to this topic

#1 theowner6
Posted 10 December 2011 - 12:04 PM

Just hoping to get my system as clean as possible so that when the new computer arrives, I don't transfer any infections over. Google's search results get redirected 80% of the time. Furthermore, I've had the Windows Recovery virus recently and while I'm not affected directly by that anymore, ever since fixing that, Shockwave Flash has been constantly crashing, and my browsers (especially Chrome) tend to hang on "sending request" quite often and could take minutes to complete. You guys have never let me down in the past so I appreciate the help in advance.

Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Steve at 0:29:07 on 2011-12-10
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.891 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! Companion BHO: {13f537f0-af09-11d6-9029-0002b31f9e59} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [2wSysTray] c:\program files\2wire\gateway\2PortalMon.exe
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [volmgr] %APPDATA%\volmgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [volmgr] %APPDATA%\volmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - f:\program files\logitech\setpoint\SetPoint.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2E062718-4B2D-4926-9E31-36ECB6F4F273} - hxxp://www.worldwinner.com/games/v46/nhltrivia/nhltrivia.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{45265EA1-93CA-4D06-AE8A-AA0A6AB6C7CA} : DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{91666777-968D-44C5-8ECD-24FFF2601D47} : DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.240.131 www.google.com
Hosts: 94.63.240.132 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\steve\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\steve\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\steve\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\steve\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\steve\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-3 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-3 314456]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2003-11-21 37056]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-3 44768]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-21 255600]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-11-21 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-21 235120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-5-2 10384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-8-23 32512]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S0 gurgylu;gurgylu;c:\windows\system32\drivers\mlayd.sys --> c:\windows\system32\drivers\mlayd.sys [?]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\common files\\system\\smss.exe --> c:\program files\common files\\system\\smss.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-21 87664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051007.016\NAVENG.Sys [2005-10-10 77816]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051007.016\NavEx15.Sys [2005-10-10 665816]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2003-11-21 308416]
S3 usbu2a;UsbU2A;c:\windows\system32\drivers\usbu2a.sys [2001-8-30 5108]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
.
=============== Created Last 30 ================
.
2011-12-03 23:25:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 23:25:07 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 23:24:54 -------- d-----w- c:\program files\AVAST Software
2011-12-03 23:24:54 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-11-22 01:29:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 16:31:19 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2000-08-30 19:46:18 1807072 ------w- c:\program files\vcredist.exe
.
============= FINISH: 0:34:01.20 ===============
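The DDS log above shows the usual search-redirect indicators in one place: a user-level ProxyServer of 58.241.86.19:8080, Hosts entries pinning www.google.com and www.bing.com to 94.63.240.x addresses, a volmgr autorun in %APPDATA%, and a gurgylu service whose driver mlayd.sys DDS could not find. The Python triage helper below is an added example, not part of this thread or of the DDS tool; it flags those four indicator categories in DDS output. Its sample lines are copied from the log above, except the localhost Hosts line, which is constructed for contrast.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections
of a DDS log. Flags four indicator categories: a user-level proxy server,
Hosts entries that pin major search domains to a non-loopback address, Run
entries launched from an unexpanded %APPDATA% path, and services whose binary
DDS could not find ('[?]'). Heuristic only: each hit is a lead for a human."""
import re

# Lines copied from the DDS log posted above, plus one constructed benign
# Hosts line ('localhost') for contrast. The gupdate service line is from
# the log and is expected not to fire.
SAMPLE_LINES = [
    r"uInternet Settings,ProxyServer = 58.241.86.19:8080",
    r"uInternet Settings,ProxyOverride = *.local",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [volmgr] %APPDATA%\volmgr.exe",
    r"dRun: [volmgr] %APPDATA%\volmgr.exe",
    r"Hosts: 94.63.240.131 www.google.com",
    r"Hosts: 94.63.240.132 www.bing.com",
    r"Hosts: 127.0.0.1 localhost",
    r"S0 gurgylu;gurgylu;c:\windows\system32\drivers\mlayd.sys --> c:\windows\system32\drivers\mlayd.sys [?]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]",
]

# Search engines whose Hosts override almost always means redirection.
SEARCH_DOMAINS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                  "www.yahoo.com", "search.yahoo.com"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]+)\]\s*(.+)$")
# DDS service line: <state> <name>;<display name>;<path> [<date size>] or [?]
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);[^;]*;(.+)$")


def triage_line(line):
    """Return (category, detail) if the line matches an indicator, else None."""
    line = line.strip()
    m = PROXY_RE.match(line)
    if m:
        return ("proxy", f"browser traffic for this user is sent through {m.group(1)}")
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.group(1), m.group(2).lower()
        if host in SEARCH_DOMAINS and ip not in LOOPBACK:
            return ("hosts_hijack", f"{host} is pinned to {ip} in the Hosts file")
        return None
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group(1), m.group(2)
        # Installed software rarely autostarts via an unexpanded %APPDATA% path.
        if "%appdata%" in cmd.lower():
            return ("appdata_autorun", f"Run entry [{name}] launches {cmd}")
        return None
    m = SERVICE_RE.match(line)
    if m and m.group(2).rstrip().endswith("[?]"):
        # DDS writes 'path --> path [?]' when the service binary is absent.
        name, path = m.group(1), m.group(2).split(" --> ")[0]
        return ("missing_service_binary",
                f"service {name} points at {path}, which DDS could not find")
    return None


def triage(lines):
    """Run triage_line over every log line and return the list of findings."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'hosts_hijack': 2, ...}."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:24} {detail}")
```

Feed it a full DDS log with `triage(open(path).read().splitlines())`; lines outside the recognised record types are ignored.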

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 AM

Posted 10 December 2011 - 03:05 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 theowner6

  • Topic Starter

Posted 10 December 2011 - 07:44 PM

18:33:52.0328 4960 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
18:33:52.0812 4960 ============================================================
18:33:52.0812 4960 Current date / time: 2011/12/10 18:33:52.0812
18:33:52.0812 4960 SystemInfo:
18:33:52.0812 4960
18:33:52.0812 4960 OS Version: 5.1.2600 ServicePack: 2.0
18:33:52.0812 4960 Product type: Workstation
18:33:52.0812 4960 ComputerName: D1R23P51
18:33:52.0812 4960 UserName: Steve
18:33:52.0812 4960 Windows directory: C:\WINDOWS
18:33:52.0812 4960 System windows directory: C:\WINDOWS
18:33:52.0812 4960 Processor architecture: Intel x86
18:33:52.0812 4960 Number of processors: 2
18:33:52.0812 4960 Page size: 0x1000
18:33:52.0812 4960 Boot type: Normal boot
18:33:52.0812 4960 ============================================================
18:33:53.0500 4960 Initialize success
18:35:19.0359 3376 ============================================================
18:35:19.0359 3376 Scan started
18:35:19.0359 3376 Mode: Manual;
18:35:19.0359 3376 ============================================================
18:35:19.0921 3376 33d9464c-a926-47c9-bb08-64fe92de773a - ok
18:35:20.0062 3376 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:35:20.0078 3376 Aavmker4 - ok
18:35:20.0093 3376 Abiosdsk - ok
18:35:20.0187 3376 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:35:20.0187 3376 abp480n5 - ok
18:35:20.0234 3376 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:35:20.0234 3376 ACPI - ok
18:35:20.0296 3376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:35:20.0296 3376 ACPIEC - ok
18:35:20.0328 3376 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:35:20.0343 3376 adpu160m - ok
18:35:20.0406 3376 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
18:35:20.0406 3376 aec - ok
18:35:20.0468 3376 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:35:20.0468 3376 AegisP - ok
18:35:20.0500 3376 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
18:35:20.0500 3376 AFD - ok
18:35:20.0531 3376 AFGMp50 - ok
18:35:20.0593 3376 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
18:35:20.0593 3376 AFGSp50 - ok
18:35:20.0609 3376 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:35:20.0625 3376 agp440 - ok
18:35:20.0640 3376 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:35:20.0640 3376 agpCPQ - ok
18:35:20.0671 3376 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:35:20.0671 3376 Aha154x - ok
18:35:20.0687 3376 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:35:20.0703 3376 aic78u2 - ok
18:35:20.0718 3376 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:35:20.0718 3376 aic78xx - ok
18:35:20.0750 3376 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:35:20.0750 3376 AliIde - ok
18:35:20.0781 3376 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:35:20.0781 3376 alim1541 - ok
18:35:20.0812 3376 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:35:20.0812 3376 amdagp - ok
18:35:20.0843 3376 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:35:20.0843 3376 amsint - ok
18:35:20.0875 3376 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:35:20.0875 3376 asc - ok
18:35:20.0906 3376 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:35:20.0906 3376 asc3350p - ok
18:35:20.0921 3376 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:35:20.0921 3376 asc3550 - ok
18:35:21.0000 3376 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:35:21.0000 3376 aswFsBlk - ok
18:35:21.0078 3376 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
18:35:21.0078 3376 aswMon2 - ok
18:35:21.0125 3376 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
18:35:21.0125 3376 aswRdr - ok
18:35:21.0218 3376 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
18:35:21.0234 3376 aswSnx - ok
18:35:21.0312 3376 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
18:35:21.0312 3376 aswSP - ok
18:35:21.0390 3376 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
18:35:21.0390 3376 aswTdi - ok
18:35:21.0437 3376 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:35:21.0437 3376 AsyncMac - ok
18:35:21.0468 3376 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:35:21.0468 3376 atapi - ok
18:35:21.0484 3376 Atdisk - ok
18:35:21.0546 3376 ati2mtag (c82240ce60a9326e52282f62ba923f27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:35:21.0546 3376 ati2mtag - ok
18:35:21.0593 3376 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:35:21.0593 3376 Atmarpc - ok
18:35:21.0640 3376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:35:21.0640 3376 audstub - ok
18:35:21.0671 3376 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:35:21.0687 3376 b57w2k - ok
18:35:21.0750 3376 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:35:21.0765 3376 BCM43XX - ok
18:35:21.0796 3376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:35:21.0796 3376 Beep - ok
18:35:21.0843 3376 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:35:21.0843 3376 cbidf - ok
18:35:21.0859 3376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:35:21.0859 3376 cbidf2k - ok
18:35:21.0890 3376 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:35:21.0906 3376 cd20xrnt - ok
18:35:21.0921 3376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:35:21.0921 3376 Cdaudio - ok
18:35:21.0953 3376 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
18:35:21.0968 3376 Cdfs - ok
18:35:22.0031 3376 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:35:22.0031 3376 Cdrom - ok
18:35:22.0046 3376 Changer - ok
18:35:22.0093 3376 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:35:22.0093 3376 CmdIde - ok
18:35:22.0125 3376 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:35:22.0140 3376 Cpqarray - ok
18:35:22.0156 3376 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:35:22.0156 3376 dac2w2k - ok
18:35:22.0203 3376 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:35:22.0203 3376 dac960nt - ok
18:35:22.0234 3376 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
18:35:22.0234 3376 Disk - ok
18:35:22.0296 3376 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
18:35:22.0328 3376 dmboot - ok
18:35:22.0390 3376 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
18:35:22.0406 3376 dmio - ok
18:35:22.0453 3376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:35:22.0468 3376 dmload - ok
18:35:22.0515 3376 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
18:35:22.0515 3376 DMusic - ok
18:35:22.0546 3376 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:35:22.0546 3376 dpti2o - ok
18:35:22.0578 3376 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
18:35:22.0578 3376 drmkaud - ok
18:35:22.0625 3376 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:35:22.0640 3376 drvmcdb - ok
18:35:22.0671 3376 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
18:35:22.0671 3376 drvnddm - ok
18:35:22.0812 3376 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:35:22.0812 3376 DSproct - ok
18:35:22.0875 3376 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
18:35:22.0875 3376 dsunidrv - ok
18:35:22.0921 3376 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
18:35:22.0937 3376 dvd43llh - ok
18:35:22.0984 3376 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:35:22.0984 3376 E100B - ok
18:35:23.0046 3376 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
18:35:23.0046 3376 Fastfat - ok
18:35:23.0093 3376 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:35:23.0093 3376 Fdc - ok
18:35:23.0125 3376 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
18:35:23.0125 3376 Fips - ok
18:35:23.0156 3376 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:35:23.0156 3376 Flpydisk - ok
18:35:23.0171 3376 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:35:23.0171 3376 FltMgr - ok
18:35:23.0234 3376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:35:23.0234 3376 Fs_Rec - ok
18:35:23.0281 3376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:35:23.0281 3376 Ftdisk - ok
18:35:23.0343 3376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:35:23.0343 3376 GEARAspiWDM - ok
18:35:23.0375 3376 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:35:23.0375 3376 Gpc - ok
18:35:23.0406 3376 gurgylu - ok
18:35:23.0484 3376 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:35:23.0484 3376 hamachi - ok
18:35:23.0593 3376 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
18:35:23.0640 3376 HCF_MSFT - ok
18:35:23.0703 3376 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:35:23.0703 3376 HidUsb - ok
18:35:23.0750 3376 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:35:23.0750 3376 hpn - ok
18:35:23.0828 3376 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
18:35:23.0828 3376 HTTP - ok
18:35:23.0859 3376 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:35:23.0859 3376 i2omgmt - ok
18:35:23.0890 3376 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:35:23.0890 3376 i2omp - ok
18:35:23.0921 3376 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:35:23.0921 3376 i8042prt - ok
18:35:24.0031 3376 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
18:35:24.0046 3376 iaStor - ok
18:35:24.0093 3376 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:35:24.0093 3376 Imapi - ok
18:35:24.0125 3376 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:35:24.0125 3376 ini910u - ok
18:35:24.0156 3376 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:35:24.0156 3376 IntelIde - ok
18:35:24.0203 3376 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:35:24.0203 3376 intelppm - ok
18:35:24.0234 3376 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:35:24.0234 3376 Ip6Fw - ok
18:35:24.0281 3376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:35:24.0281 3376 IpFilterDriver - ok
18:35:24.0312 3376 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:35:24.0312 3376 IpInIp - ok
18:35:24.0375 3376 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:35:24.0375 3376 IpNat - ok
18:35:24.0406 3376 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:35:24.0406 3376 IPSec - ok
18:35:24.0453 3376 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:35:24.0468 3376 IRENUM - ok
18:35:24.0500 3376 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:35:24.0500 3376 isapnp - ok
18:35:24.0531 3376 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:35:24.0531 3376 Kbdclass - ok
18:35:24.0593 3376 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:35:24.0593 3376 kbdhid - ok
18:35:24.0625 3376 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
18:35:24.0625 3376 kmixer - ok
18:35:24.0687 3376 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
18:35:24.0687 3376 KSecDD - ok
18:35:24.0734 3376 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
18:35:24.0734 3376 L8042Kbd - ok
18:35:24.0812 3376 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
18:35:24.0812 3376 LBeepKE - ok
18:35:24.0843 3376 lbrtfdc - ok
18:35:24.0906 3376 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
18:35:24.0906 3376 LEqdUsb - ok
18:35:24.0968 3376 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
18:35:24.0968 3376 LHidEqd - ok
18:35:25.0031 3376 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:35:25.0031 3376 LHidFilt - ok
18:35:25.0109 3376 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:35:25.0109 3376 LMouFilt - ok
18:35:25.0125 3376 MBAMSwissArmy - ok
18:35:25.0218 3376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:35:25.0218 3376 mnmdd - ok
18:35:25.0250 3376 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
18:35:25.0265 3376 Modem - ok
18:35:25.0343 3376 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:35:25.0359 3376 Mouclass - ok
18:35:25.0406 3376 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:35:25.0421 3376 mouhid - ok
18:35:25.0468 3376 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
18:35:25.0468 3376 MountMgr - ok
18:35:25.0500 3376 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:35:25.0500 3376 mraid35x - ok
18:35:25.0531 3376 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:35:25.0531 3376 MRxDAV - ok
18:35:25.0593 3376 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:35:25.0625 3376 MRxSmb - ok
18:35:25.0671 3376 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
18:35:25.0687 3376 Msfs - ok
18:35:25.0765 3376 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:35:25.0781 3376 MSKSSRV - ok
18:35:25.0828 3376 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:35:25.0828 3376 MSPCLOCK - ok
18:35:25.0890 3376 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
18:35:25.0890 3376 MSPQM - ok
18:35:25.0937 3376 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:35:25.0953 3376 mssmbios - ok
18:35:26.0000 3376 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
18:35:26.0000 3376 Mup - ok
18:35:26.0078 3376 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
18:35:26.0078 3376 MxlW2k - ok
18:35:26.0265 3376 NAVENG (d47dd81567d084cc7dd0f7d4da6fc7b2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051007.016\NAVENG.Sys
18:35:26.0265 3376 NAVENG - ok
18:35:26.0328 3376 NAVEX15 (35b3e9c24e156a7aa02110e48d037326) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051007.016\NavEx15.Sys
18:35:26.0359 3376 NAVEX15 - ok
18:35:26.0515 3376 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
18:35:26.0515 3376 NDIS - ok
18:35:26.0593 3376 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:35:26.0593 3376 NdisTapi - ok
18:35:26.0625 3376 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:35:26.0625 3376 Ndisuio - ok
18:35:26.0656 3376 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:35:26.0656 3376 NdisWan - ok
18:35:26.0687 3376 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
18:35:26.0687 3376 NDProxy - ok
18:35:26.0734 3376 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:35:26.0734 3376 NetBIOS - ok
18:35:26.0765 3376 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:35:26.0765 3376 NetBT - ok
18:35:26.0859 3376 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
18:35:26.0859 3376 NPF - ok
18:35:26.0921 3376 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
18:35:26.0921 3376 Npfs - ok
18:35:27.0046 3376 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
18:35:27.0078 3376 Ntfs - ok
18:35:27.0125 3376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:35:27.0125 3376 Null - ok
18:35:27.0265 3376 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:35:27.0343 3376 nv - ok
18:35:27.0390 3376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:35:27.0390 3376 NwlnkFlt - ok
18:35:27.0437 3376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:35:27.0437 3376 NwlnkFwd - ok
18:35:27.0484 3376 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
18:35:27.0500 3376 omci - ok
18:35:27.0546 3376 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
18:35:27.0562 3376 Parport - ok
18:35:27.0578 3376 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
18:35:27.0593 3376 PartMgr - ok
18:35:27.0625 3376 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:35:27.0625 3376 ParVdm - ok
18:35:27.0656 3376 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
18:35:27.0656 3376 PCI - ok
18:35:27.0687 3376 PCIDump - ok
18:35:27.0718 3376 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:35:27.0718 3376 PCIIde - ok
18:35:27.0765 3376 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:35:27.0765 3376 Pcmcia - ok
18:35:27.0796 3376 PDCOMP - ok
18:35:27.0859 3376 PDFRAME - ok
18:35:27.0906 3376 PDRELI - ok
18:35:27.0937 3376 PDRFRAME - ok
18:35:28.0000 3376 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:35:28.0000 3376 perc2 - ok
18:35:28.0031 3376 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:35:28.0031 3376 perc2hib - ok
18:35:28.0109 3376 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:35:28.0109 3376 PptpMiniport - ok
18:35:28.0171 3376 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
18:35:28.0171 3376 PSched - ok
18:35:28.0234 3376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:35:28.0234 3376 Ptilink - ok
18:35:28.0296 3376 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:35:28.0296 3376 PxHelp20 - ok
18:35:28.0328 3376 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:35:28.0328 3376 ql1080 - ok
18:35:28.0359 3376 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:35:28.0359 3376 Ql10wnt - ok
18:35:28.0390 3376 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:35:28.0390 3376 ql12160 - ok
18:35:28.0421 3376 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:35:28.0421 3376 ql1240 - ok
18:35:28.0453 3376 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:35:28.0468 3376 ql1280 - ok
18:35:28.0484 3376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:35:28.0484 3376 RasAcd - ok
18:35:28.0515 3376 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:35:28.0531 3376 Rasl2tp - ok
18:35:28.0546 3376 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:35:28.0546 3376 RasPppoe - ok
18:35:28.0578 3376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:35:28.0578 3376 Raspti - ok
18:35:28.0625 3376 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:35:28.0640 3376 Rdbss - ok
18:35:28.0656 3376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:35:28.0656 3376 RDPCDD - ok
18:35:28.0718 3376 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:35:28.0734 3376 rdpdr - ok
18:35:28.0796 3376 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
18:35:28.0796 3376 RDPWD - ok
18:35:28.0843 3376 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:35:28.0859 3376 redbook - ok
18:35:28.0984 3376 SAVRT (7a1dcba368dacb5ca41e40f97f43aaa8) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
18:35:29.0000 3376 SAVRT - ok
18:35:29.0046 3376 SAVRTPEL (395df1ccad06b8d47f2d78c2d78f4cd5) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
18:35:29.0046 3376 SAVRTPEL - ok
18:35:29.0125 3376 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys
18:35:29.0125 3376 sdcplh - ok
18:35:29.0171 3376 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:35:29.0187 3376 Secdrv - ok
18:35:29.0296 3376 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
18:35:29.0343 3376 senfilt - ok
18:35:29.0390 3376 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:35:29.0406 3376 serenum - ok
18:35:29.0421 3376 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
18:35:29.0437 3376 Serial - ok
18:35:29.0500 3376 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:35:29.0500 3376 Sfloppy - ok
18:35:29.0562 3376 Simbad - ok
18:35:29.0625 3376 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:35:29.0625 3376 sisagp - ok
18:35:29.0703 3376 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
18:35:29.0703 3376 smwdm - ok
18:35:29.0765 3376 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:35:29.0765 3376 Sparrow - ok
18:35:29.0796 3376 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
18:35:29.0796 3376 splitter - ok
18:35:29.0843 3376 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
18:35:29.0843 3376 sr - ok
18:35:29.0906 3376 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
18:35:29.0921 3376 Srv - ok
18:35:29.0968 3376 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:35:29.0968 3376 sscdbhk5 - ok
18:35:30.0000 3376 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
18:35:30.0015 3376 ssrtln - ok
18:35:30.0062 3376 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:35:30.0062 3376 swenum - ok
18:35:30.0093 3376 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
18:35:30.0093 3376 swmidi - ok
18:35:30.0156 3376 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:35:30.0156 3376 symc810 - ok
18:35:30.0203 3376 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:35:30.0203 3376 symc8xx - ok
18:35:30.0265 3376 SYMDNS (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
18:35:30.0265 3376 SYMDNS - ok
18:35:30.0359 3376 SymEvent (1e55d29e0793cba72634087f814091c0) C:\Program Files\Symantec\SYMEVENT.SYS
18:35:30.0359 3376 SymEvent - ok
18:35:30.0390 3376 SYMFW (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS
18:35:30.0390 3376 SYMFW - ok
18:35:30.0453 3376 SYMIDS (83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
18:35:30.0468 3376 SYMIDS - ok
18:35:30.0531 3376 SYMIDSCO (32675ba1704b3511143504c685e64985) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20051208.051\symidsco.sys
18:35:30.0531 3376 SYMIDSCO - ok
18:35:30.0578 3376 SYMNDIS (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
18:35:30.0578 3376 SYMNDIS - ok
18:35:30.0609 3376 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:35:30.0609 3376 SYMREDRV - ok
18:35:30.0687 3376 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:35:30.0687 3376 SYMTDI - ok
18:35:30.0781 3376 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:35:30.0781 3376 sym_hi - ok
18:35:30.0812 3376 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:35:30.0828 3376 sym_u3 - ok
18:35:30.0859 3376 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
18:35:30.0859 3376 sysaudio - ok
18:35:30.0968 3376 Tcpip (583e063fdc888ca30d05c2724b0d7ef4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:35:31.0000 3376 Tcpip - ok
18:35:31.0031 3376 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:35:31.0031 3376 TDPIPE - ok
18:35:31.0078 3376 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
18:35:31.0078 3376 TDTCP - ok
18:35:31.0125 3376 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:35:31.0125 3376 TermDD - ok
18:35:31.0203 3376 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
18:35:31.0203 3376 tfsnboio - ok
18:35:31.0234 3376 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
18:35:31.0234 3376 tfsncofs - ok
18:35:31.0265 3376 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
18:35:31.0265 3376 tfsndrct - ok
18:35:31.0328 3376 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
18:35:31.0328 3376 tfsndres - ok
18:35:31.0359 3376 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
18:35:31.0359 3376 tfsnifs - ok
18:35:31.0390 3376 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
18:35:31.0390 3376 tfsnopio - ok
18:35:31.0437 3376 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
18:35:31.0437 3376 tfsnpool - ok
18:35:31.0468 3376 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
18:35:31.0468 3376 tfsnudf - ok
18:35:31.0500 3376 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:35:31.0515 3376 tfsnudfa - ok
18:35:31.0578 3376 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:35:31.0578 3376 TosIde - ok
18:35:31.0656 3376 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
18:35:31.0671 3376 Udfs - ok
18:35:31.0718 3376 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:35:31.0718 3376 ultra - ok
18:35:31.0781 3376 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
18:35:31.0781 3376 Update - ok
18:35:31.0859 3376 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:35:31.0859 3376 USBAAPL - ok
18:35:31.0921 3376 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:35:31.0937 3376 usbccgp - ok
18:35:31.0968 3376 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:35:31.0968 3376 usbehci - ok
18:35:32.0000 3376 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:35:32.0000 3376 usbhub - ok
18:35:32.0078 3376 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:35:32.0093 3376 usbprint - ok
18:35:32.0140 3376 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:35:32.0140 3376 usbscan - ok
18:35:32.0203 3376 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:35:32.0218 3376 USBSTOR - ok
18:35:32.0250 3376 usbu2a (cf3d8df9bd492ed282ad891ed84241e0) C:\WINDOWS\system32\Drivers\usbu2a.sys
18:35:32.0250 3376 usbu2a - ok
18:35:32.0296 3376 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:35:32.0312 3376 usbuhci - ok
18:35:32.0375 3376 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:35:32.0390 3376 VgaSave - ok
18:35:32.0421 3376 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:35:32.0421 3376 viaagp - ok
18:35:32.0453 3376 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:35:32.0453 3376 ViaIde - ok
18:35:32.0515 3376 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
18:35:32.0515 3376 VolSnap - ok
18:35:32.0578 3376 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:35:32.0578 3376 Wanarp - ok
18:35:32.0593 3376 wanatw - ok
18:35:32.0703 3376 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:35:32.0718 3376 Wdf01000 - ok
18:35:32.0750 3376 WDICA - ok
18:35:32.0812 3376 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
18:35:32.0812 3376 wdmaud - ok
18:35:32.0937 3376 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:35:32.0937 3376 WudfPf - ok
18:35:33.0015 3376 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:35:33.0015 3376 WudfRd - ok
18:35:33.0109 3376 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
18:35:33.0109 3376 xbreader - ok
18:35:33.0156 3376 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
18:35:33.0156 3376 \Device\Harddisk0\DR0 - ok
18:35:33.0171 3376 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
18:35:33.0203 3376 \Device\Harddisk1\DR4 - ok
18:35:33.0218 3376 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
18:35:33.0218 3376 \Device\Harddisk2\DR5 - ok
18:35:33.0234 3376 Boot (0x1200) (f1d6fd6d984982d7ed75c211719056d3) \Device\Harddisk0\DR0\Partition0
18:35:33.0234 3376 \Device\Harddisk0\DR0\Partition0 - ok
18:35:33.0234 3376 Boot (0x1200) (db6103f97555aae6abe8c75d5ac3ce55) \Device\Harddisk1\DR4\Partition0
18:35:33.0250 3376 \Device\Harddisk1\DR4\Partition0 - ok
18:35:33.0250 3376 Boot (0x1200) (30890389e945c8e75e1ee4b5cdedda53) \Device\Harddisk2\DR5\Partition0
18:35:33.0250 3376 \Device\Harddisk2\DR5\Partition0 - ok
18:35:33.0250 3376 ============================================================
18:35:33.0250 3376 Scan finished
18:35:33.0250 3376 ============================================================
18:35:33.0265 1608 Detected object count: 0
18:35:33.0265 1608 Actual detected object count: 0
18:36:06.0250 5408 Deinitialize success

ComboFix 11-12-10.01 - Steve 12/10/2011 18:52:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2469 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Steve\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Steve\3wn.nes
c:\documents and settings\Steve\Application Data\EurekaLog
c:\documents and settings\Steve\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Steve\WINDOWS
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
F:\Autorun.inf
F:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-03 23:25 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 23:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 23:25 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 23:25 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 23:25 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 23:25 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-03 23:25 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-03 23:25 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-03 23:25 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 23:25 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\program files\AVAST Software
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
3427-09-26 03:40 . 2005-12-08 06:32 418 ----a-w- c:\windows\Fonts\_ReadMe.txt
2011-11-22 01:29 . 2011-06-25 18:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 16:31 . 2011-10-23 16:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-03 09:06 . 2011-10-23 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2009-01-24 23:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2000-08-30 19:46 . 2000-08-30 19:46 1807072 ------w- c:\program files\vcredist.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-24 395640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-07-01 71280]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"2wSysTray"="c:\program files\2Wire\Gateway\2PortalMon.exe" [2002-11-14 446464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-03-10 778348]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-10-26 100056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-28 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2006-02-23 20:54 704512 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-09-19 04:02 7083056 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-24 21:28 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2002-08-27 15:55 1421312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"= 7070:TCP:smss
"53:TCP"= 53:TCP:smss
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [12/3/2011 6:25 PM 435032]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/3/2011 6:25 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/3/2011 6:25 PM 20568]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 2:34 PM 1361288]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [5/2/2011 11:19 AM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2008 12:13 AM 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\SYSTEM32\DRIVERS\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\SYSTEM32\DRIVERS\LHidEqd.sys [6/17/2009 11:55 AM 10384]
S0 gurgylu;gurgylu;c:\windows\system32\drivers\mlayd.sys --> c:\windows\system32\drivers\mlayd.sys [?]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 usbu2a;UsbU2A;c:\windows\SYSTEM32\DRIVERS\usbu2a.sys [8/30/2001 4:14 PM 5108]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [3/6/2010 11:53 PM 85504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-10 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-11-21 22:22]
.
2011-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-06-17 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\yt0e8zcc.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Steve\Application Data\Move Networks
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-volmgr - c:\documents and settings\Steve\Application Data\volmgr.exe
HKU-Default-Run-volmgr - c:\documents and settings\Steve\Application Data\volmgr.exe
MSConfigStartUp-ares vista - c:\program files\Ares Vista\AresVista.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 19:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2204)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
f:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
c:\program files\Belkin\Router Setup and Monitor\ndis_events.exe
.
**************************************************************************
.
Completion time: 2011-12-10 19:37:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 00:36
.
Pre-Run: 32,244,322,304 bytes free
Post-Run: 34,960,490,496 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D630BA5F8EB45F56562D9E08691B893E
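Several indicators in the ComboFix log above (the firewall disabled in the standard profile, two ports opened globally under the core process name "smss", a boot-start driver whose image file is missing, an "smss.exe" living under Common Files, and a user proxy pointing at a public address) can be pulled out mechanically. The Python triage script below is an added example, not part of this thread and not ComboFix's own tooling; the log excerpt it parses is constructed from the lines above, and the severity rules are this example's own assumptions.

```python
import ipaddress
import re

# Constructed excerpt modelled on the ComboFix log posted above (not the full
# log); the paths and values are the ones that appear in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"= 7070:TCP:smss
"53:TCP"= 53:TCP:smss
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [12/3/2011 6:25 PM 435032]
S0 gurgylu;gurgylu;c:\windows\system32\drivers\mlayd.sys --> c:\windows\system32\drivers\mlayd.sys [?]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
"""

# Core Windows session/logon processes. Nothing legitimate registers these as
# firewall exceptions, and their binaries only live under %windir%\system32.
CORE_BINARIES = {"smss", "csrss", "lsass", "winlogon", "services", "svchost"}

# ComboFix service line: "<R|S><start type> name;display;image [info]", where
# "--> path [?]" means the image file could not be found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$"
)
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>\S+)$'
)
PROXY_RE = re.compile(
    r"^uInternet Settings,ProxyServer = (?P<host>[^:\s]+):(?P<port>\d+)$"
)


def _stem(path):
    """Lower-case file name without extension; drops the \\??\\ NT prefix."""
    name = path.lstrip("\\?").replace("\\\\", "\\").rsplit("\\", 1)[-1]
    return name.lower().rsplit(".", 1)[0]


def _check_service(m):
    image = m["resolved"] or m["image"]
    missing = m["info"].strip() == "?"
    stem = _stem(image)
    if stem in CORE_BINARIES and "\\system32\\" not in image.lower():
        return [("high", "service",
                 f"{m['name']}: core binary name '{stem}' outside system32: {image}")]
    if missing and m["start"] in "01":           # boot- or system-start driver
        return [("high", "service",
                 f"{m['name']}: boot-start driver with missing image {image}")]
    if missing:                                  # e.g. on-demand scanner drivers
        return [("review", "service",
                 f"{m['name']}: image not found on disk ({image})")]
    return []


def _check_proxy(host, port):
    try:
        external = ipaddress.ip_address(host).is_global
    except ValueError:                           # hostname, not an IP literal
        external = True
    sev = "high" if external else "review"
    note = " (public address)" if external else ""
    return (sev, "proxy", f"user proxy set to {host}:{port}{note}")


def triage(log_text):
    """Return (severity, category, detail) tuples for suspicious log lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('"EnableFirewall"='):
            if line.split("=", 1)[1].split()[0] == "0":
                findings.append(("high", "firewall",
                                 "Windows Firewall disabled in the standard profile"))
            continue
        m = PORT_RE.match(line)
        if m:
            label = m["label"].lower()
            if label in CORE_BINARIES:
                findings.append(("high", "open-port",
                                 f"{m['port']}/{m['proto']} opened globally as '{label}'"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(_check_service(m))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(_check_proxy(m["host"], m["port"]))
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {cat:9} {detail}")
```

The legitimate avast! driver and the on-demand MBAM driver are kept apart from the boot-start "gurgylu" entry by start type alone, which is why the missing MBAM image only rates "review".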

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 AM

Posted 10 December 2011 - 08:05 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"=-
"53:TCP"=-

Driver::
gurgylu

Collect::
c:\windows\system32\drivers\mlayd.sys

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 theowner6

theowner6
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:04 AM

Posted 11 December 2011 - 06:41 AM

ComboFix 11-12-10.01 - Steve 12/10/2011 23:06:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2566 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gurgylu
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-03 23:25 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 23:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 23:25 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 23:25 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 23:25 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 23:25 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-03 23:25 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-03 23:25 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-03 23:25 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 23:25 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\program files\AVAST Software
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
3427-09-26 03:40 . 2005-12-08 06:32 418 ----a-w- c:\windows\Fonts\_ReadMe.txt
2011-11-22 01:29 . 2011-06-25 18:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 16:31 . 2011-10-23 16:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-03 09:06 . 2011-10-23 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2009-01-24 23:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2000-08-30 19:46 . 2000-08-30 19:46 1807072 ------w- c:\program files\vcredist.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_00.29.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 04:25 . 2011-12-11 04:25 16384 c:\windows\Temp\Perflib_Perfdata_ae0.dat
+ 2005-06-17 13:05 . 2011-12-11 00:32 71640 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-06-17 13:05 . 2011-12-10 16:47 71640 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-06-17 13:05 . 2011-12-11 00:32 440606 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-06-17 13:05 . 2011-12-10 16:47 440606 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-24 395640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-07-01 71280]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"2wSysTray"="c:\program files\2Wire\Gateway\2PortalMon.exe" [2002-11-14 446464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-03-10 778348]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-10-26 100056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-28 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2006-02-23 20:54 704512 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-09-19 04:02 7083056 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-24 21:28 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2002-08-27 15:55 1421312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [12/3/2011 6:25 PM 435032]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/3/2011 6:25 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/3/2011 6:25 PM 20568]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 2:34 PM 1361288]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [5/2/2011 11:19 AM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2008 12:13 AM 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\SYSTEM32\DRIVERS\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\SYSTEM32\DRIVERS\LHidEqd.sys [6/17/2009 11:55 AM 10384]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 usbu2a;UsbU2A;c:\windows\SYSTEM32\DRIVERS\usbu2a.sys [8/30/2001 4:14 PM 5108]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [3/6/2010 11:53 PM 85504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-10 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-11-21 22:22]
.
2011-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-06-17 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\yt0e8zcc.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Steve\Application Data\Move Networks
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 23:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3584)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
f:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Router Setup and Monitor\ndis_events.exe
.
**************************************************************************
.
Completion time: 2011-12-10 23:32:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 04:32
ComboFix2.txt 2011-12-11 00:37
.
Pre-Run: 35,028,303,872 bytes free
Post-Run: 35,080,568,832 bytes free
.
- - End Of File - - 662F8872D5B227581E70E11A2E9262FB

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

12/10/2011 11:45:29 PM
mbam-log-2011-12-10 (23-45-29).txt

Scan type: Quick scan
Objects scanned: 193663
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Documents and Settings\Default User\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Cordero__Vamos_Nenas.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Imperial_Teen__Sugar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Slobberbone__Sister_Beams.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\The_Flatlanders__Julia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Default User\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Steve\My Documents\My Music\downloads\09D588C5\Protected_03_09_2006_13_56_47.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Steve\My Documents\My Music\downloads\1B887CF6\Protected_03_13_2006_00_25_47.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\5thSCresults[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\5thSCs[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\booboo[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\bullseye1[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\CBSsunday[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\GGexacta[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\OneAway-goof[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\PABgoof[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\forthedvds\copy's\PaPgoof[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\from the 4500\ashlee_snl.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\from the 4500\moSMB3.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\from the 4500\VS2001.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\from the 4500\vsshow2001abc.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\fromthe2000\cd2\DMB mp3's\54--The Dreaming Tree 07-24-98.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\I386\MDLIB.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\I386\RTUNER.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Ambiance.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Classical Interlude 2.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Jazz Groove.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Light Piano.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 1.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 2.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Pop Groove.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Prelude.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Rock Groove.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Sports Night.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Sonic\MyDVD\Styles\NTSC\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\CorporateMotion.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1MotionPAL.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\attack\attack\Attack.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\,Bounce\Bounce.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\,Bubbles\03 Bubbles.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\- Miss Murder\- Miss Murder.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\1,2 STEP (JOHNNY BUDZ RADIO EDIT)\1,2 STEP (JOHNNY BUDZ RADIO EDIT).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\1,2,3,4,007 (SPEED POP MIX)\1,2,3,4,007 (SPEED POP MIX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\1mswgo\My Spirit Will Go On.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\A THOUSAND MILES (Speedo Mix)\A THOUSAND MILES (Speedo Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\A.D.D\A.D.D.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\A7 Unholy Confessions\Avenged Sevenfold - Unholy Confessions.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Aerials\System Of A Down - Aerials.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Aeris Theme\Aeris Theme.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\All Things Will End\All Things Will End.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Attack\01-system_of_a_down-attack.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Atwa\Atwa.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\B.Y.O.B\Byob.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Bat Country\Bat Country.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\BECAUSE OF YOU (The Factory Eurotrance Mix)\BECAUSE OF YOU (The Factory Eurotrance Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\BEER!\BEER!.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Behind These Hazel Eyes (Speedbreaker Remix)\hazel_eyes_speed.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Better if you do\09 But It's Better If You Do.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Bleeding Mascara [Flam's Mix]\02. Bleeding Mascara.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Blinded in Chains\Blinded in Chains.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\BOB\BOB.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\BOOM!\BOOM!.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Boss\Boss.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Breaking The Habit\Breaking The Habit.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\BulletRide\In Flames - Bullet Ride.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Burn it Down\Burn it Down.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\By the Way\Red Hot Chili Peppers - By the Way.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\China Town\China Town.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Copy of Mad World\gary_jules_-_mad_world.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Critical Acclaim\Critical Acclaim.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix)\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Day of the Baphomets\Day of the Baphomets.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Disturbed - Land Of Confusion\Disturbed - Land Of Confusion.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\DO YOU WANT TO (Dance Version)\DO YOU WANT TO (Dance Version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Enter The Sandman\22-Metallica - Enter Sandman.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Epic of Time Wasted\Epic of Time Wasted.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\EVERYBODY 2 THE SUN (Scorccio Radio Mix)\EVERYBODY 2 THE SUN (Scorccio Radio Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Haunted\Haunted.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\HUNGRY LIKE THE WOLF\HUNGRY LIKE THE WOLF.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\I HOPE YOU DIE\I HOPE YOU DIE.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\I Write Sins Not Tradgedies\I Write Sins, Not Tradgedies.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\I'll Fly With You\Gigi D'Agostino - L'amour Toujours - I'll Fly With You (Short Trance ReMix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\in the end\In the End.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Jenova\NG11852.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\KISS KISS\KISS KISS.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Knights Of Cydonia\ Muse - Knights Of Cydonia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\LAYLA (Speedo Remix)\LAYLA (Speedo Remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Life's Gonna Suck\Life's Gonna Suck.MP3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Little Too Late\Little Too Late.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Lonely Day\11 - Lonely Day.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\mindfeilds\06 - MindfieldsMIXED.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Mr. Brightside\Mr. Brightside.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Mr. Jack\System_of_a_down - mr_jack.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Muse Super Massive Black Hole\Muse Super Massive Black Hole.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\NEVER ENDING STORY\NEVER ENDING STORY.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\NEW CANCER\NEW CANCER.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Numb\sm_numb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Papa Roach - Last Resort\Papa Roach - Last Resort.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\SHE WILL BE LOVED (Factory Speedo Mix)\SHE WILL BE LOVED (Factory Speedo Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Sky Is Over\06 Sky Is Over.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Spiders\05 Spiders.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Summer Shudder\Summer Shudder.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\SYMPHONY No.9\SYMPHONY No.9.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Thank you for the Venom\09-my_chemical_romance-thank_you_for_the_venom-rtb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\The Kill\02 The Kill.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\The Only Difference\The Only Difference Between Martyrdom and Suicide Is Press Coverage.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\THE PROMISE YOU MADE\THE PROMISE YOU MADE - KATE RYAN.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\The Used - Take it Away\The Used - Take it Away.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Time is Running Out\Time is Running Out.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\TOXIC (The Trance-Speedo Mix)\TOXIC (The Trance-Speedo Mix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\U-Fig\System of a Down - Hypnotize - 07 - U-Fig.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Viva La Vida\01 Viva la Vida.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\Wait and Bleed\Wait and Bleed.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\WHAT IS LOVE\WHAT IS LOVE.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new\WORD UP\WORD UP.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Ace of Spades\Ace of Spades.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Empty Walls\Serj Tankian - Empty walls(2).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Holy Mountains\08 Holy Mountains.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Jesus of Suburbia\Jesus of Suburbia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Lie Lie Lie\09 Lie Lie Lie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Revenga\03 Revenga.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Science\10 Science.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\StepMania\Songs\new2\Stealing Society\05 Stealing Society.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\themusic\`a\Dave Matthews Band - Crush (live 12-7-98).WMA a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\themusic\`a\Earshot - Get Away.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl01a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl02a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl03a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl04a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl05a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl06a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl07a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl08a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl09a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl10a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl11a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl12a[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\thevideos\celebrityjeopardies\snl13b[1].wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\various files from the desktop\gg's\pmb07.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\various files from the desktop\gg's\pmb07a.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\COPYCD.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\MDLIB.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\RTUNER.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\VIZ.WMV a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Cordero__Vamos_Nenas.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Get More with Jukebox Plus.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Imperial_Teen__Sugar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Slobberbone__Sister_Beams.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\The_Flatlanders__Julia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\TITLE.WMA a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\100706_nyadet_clinch_350.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\101406_oakdet_clinch_350.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07_0001.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\therally.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\unholyvid_high.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\+44 - Live From Almost Acoustic Christmas.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\30STM_2006.12.09.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\foo.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\Incubus_2006.12.09.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\kroq_live_hi_live_+44_slimer5.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\kroq_live_hi_live_foofighters_slimer5.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\kroq_live_raconteurs.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\MCR_2006.12.09.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\PanicAtTheDisco_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\paparoach.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\PAPAROACH30secsFOB.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\Saosin + Wolf Mother.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\Saosin.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\SheWantsRevenge_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\WMKROQXIII.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\Wolfmother.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xAFI_2006.12.09.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xAngelsAndAirwaves_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xBeck_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xFallOutBoy_2006.12.09.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xGnarlsBarkley_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xKillers_2006.12.10.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xkroq_live_evanescence.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\xkroq_live_foo2.asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[11].asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[16].asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[9].asf a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]feeling good.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]hysteria.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]knights of cydonia.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]map of the problematique.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]new born.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]plug in baby.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]ruled by secrecy.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]starlight.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]stockholm syndrome + dead star + hyper music riffs.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]supermassive black hole.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]take a bow.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]time is running out.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan

#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 AM

Posted 11 December 2011 - 03:53 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\Default User\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Cordero__Vamos_Nenas.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Imperial_Teen__Sugar.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Slobberbone__Sister_Beams.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\The_Flatlanders__Julia.mp3 
C:\Documents and Settings\Default User\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 
C:\Documents and Settings\Steve\My Documents\My Music\downloads\09D588C5\Protected_03_09_2006_13_56_47.asf 
C:\Documents and Settings\Steve\My Documents\My Music\downloads\1B887CF6\Protected_03_13_2006_00_25_47.asf 
C:\forthedvds\copy's\5thSCresults[1].wmv 
C:\forthedvds\copy's\5thSCs[1].wmv 
C:\forthedvds\copy's\booboo[1].wmv 
C:\forthedvds\copy's\bullseye1[1].wmv 
C:\forthedvds\copy's\CBSsunday[1].wmv 
C:\forthedvds\copy's\GGexacta[1].wmv 
C:\forthedvds\copy's\OneAway-goof[1].wmv 
C:\forthedvds\copy's\PABgoof[1].wmv 
C:\forthedvds\copy's\PaPgoof[1].wmv 
C:\from the 4500\ashlee_snl.wmv 
C:\from the 4500\moSMB3.wmv 
C:\from the 4500\VS2001.wmv 
C:\from the 4500\vsshow2001abc.wmv 
C:\fromthe2000\cd2\DMB mp3's\54--The Dreaming Tree 07-24-98.wma 
C:\I386\MDLIB.WMV 
C:\I386\RTUNER.WMV 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Ambiance.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Classical Interlude 2.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Jazz Groove.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Light Piano.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 1.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 2.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Pop Groove.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Prelude.mp3 
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Rock Groove.mp3
C:\Program Files\Jasc Software Inc\Paint Shop Photo Album\Music\Sports Night.mp3 
C:\Program Files\Sonic\MyDVD\Styles\NTSC\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3 
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\CorporateMotion.mp3 
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3 
C:\Program Files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1MotionPAL.wmv 
C:\Program Files\StepMania\Songs\attack\attack\Attack.mp3 
C:\Program Files\StepMania\Songs\new\,Bounce\Bounce.mp3 
C:\Program Files\StepMania\Songs\new\,Bubbles\03 Bubbles.mp3 
C:\Program Files\StepMania\Songs\new\- Miss Murder\- Miss Murder.mp3 
C:\Program Files\StepMania\Songs\new\1,2 STEP (JOHNNY BUDZ RADIO EDIT)\1,2 STEP (JOHNNY BUDZ RADIO EDIT).mp3 
C:\Program Files\StepMania\Songs\new\1,2,3,4,007 (SPEED POP MIX)\1,2,3,4,007 (SPEED POP MIX).mp3 
C:\Program Files\StepMania\Songs\new\1mswgo\My Spirit Will Go On.mp3 
C:\Program Files\StepMania\Songs\new\A THOUSAND MILES (Speedo Mix)\A THOUSAND MILES (Speedo Mix).mp3 
C:\Program Files\StepMania\Songs\new\A.D.D\A.D.D.mp3 
C:\Program Files\StepMania\Songs\new\A7 Unholy Confessions\Avenged Sevenfold - Unholy Confessions.mp3 
C:\Program Files\StepMania\Songs\new\Aerials\System Of A Down - Aerials.mp3 
C:\Program Files\StepMania\Songs\new\Aeris Theme\Aeris Theme.mp3 
C:\Program Files\StepMania\Songs\new\All Things Will End\All Things Will End.mp3 
C:\Program Files\StepMania\Songs\new\Attack\01-system_of_a_down-attack.mp3 
C:\Program Files\StepMania\Songs\new\Atwa\Atwa.mp3 
C:\Program Files\StepMania\Songs\new\B.Y.O.B\Byob.mp3 
C:\Program Files\StepMania\Songs\new\Bat Country\Bat Country.mp3 
C:\Program Files\StepMania\Songs\new\BECAUSE OF YOU (The Factory Eurotrance Mix)\BECAUSE OF YOU (The Factory Eurotrance Mix).mp3 
C:\Program Files\StepMania\Songs\new\BEER!\BEER!.mp3 
C:\Program Files\StepMania\Songs\new\Behind These Hazel Eyes (Speedbreaker Remix)\hazel_eyes_speed.mp3
C:\Program Files\StepMania\Songs\new\Better if you do\09 But It's Better If You Do.mp3 
C:\Program Files\StepMania\Songs\new\Bleeding Mascara [Flam's Mix]\02. Bleeding Mascara.mp3 
C:\Program Files\StepMania\Songs\new\Blinded in Chains\Blinded in Chains.mp3 
C:\Program Files\StepMania\Songs\new\BOB\BOB.mp3 
C:\Program Files\StepMania\Songs\new\BOOM!\BOOM!.mp3 
C:\Program Files\StepMania\Songs\new\Boss\Boss.mp3 
C:\Program Files\StepMania\Songs\new\Breaking The Habit\Breaking The Habit.mp3 
C:\Program Files\StepMania\Songs\new\BulletRide\In Flames - Bullet Ride.mp3 
C:\Program Files\StepMania\Songs\new\Burn it Down\Burn it Down.mp3 
C:\Program Files\StepMania\Songs\new\By the Way\Red Hot Chili Peppers - By the Way.mp3 
C:\Program Files\StepMania\Songs\new\China Town\China Town.mp3 
C:\Program Files\StepMania\Songs\new\Copy of Mad World\gary_jules_-_mad_world.mp3 
C:\Program Files\StepMania\Songs\new\Critical Acclaim\Critical Acclaim.mp3 
C:\Program Files\StepMania\Songs\new\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix)\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix).mp3 
C:\Program Files\StepMania\Songs\new\Day of the Baphomets\Day of the Baphomets.mp3 
C:\Program Files\StepMania\Songs\new\Disturbed - Land Of Confusion\Disturbed - Land Of Confusion.mp3 
C:\Program Files\StepMania\Songs\new\DO YOU WANT TO (Dance Version)\DO YOU WANT TO (Dance Version).mp3 
C:\Program Files\StepMania\Songs\new\Enter The Sandman\22-Metallica - Enter Sandman.mp3 
C:\Program Files\StepMania\Songs\new\Epic of Time Wasted\Epic of Time Wasted.mp3 
C:\Program Files\StepMania\Songs\new\EVERYBODY 2 THE SUN (Scorccio Radio Mix)\EVERYBODY 2 THE SUN (Scorccio Radio Mix).mp3 
C:\Program Files\StepMania\Songs\new\Haunted\Haunted.mp3 
C:\Program Files\StepMania\Songs\new\HUNGRY LIKE THE WOLF\HUNGRY LIKE THE WOLF.mp3 
C:\Program Files\StepMania\Songs\new\I HOPE YOU DIE\I HOPE YOU DIE.mp3 
C:\Program Files\StepMania\Songs\new\I Write Sins Not Tradgedies\I Write Sins, Not Tradgedies.mp3 
C:\Program Files\StepMania\Songs\new\I'll Fly With You\Gigi D'Agostino - L'amour Toujours - I'll Fly With You (Short Trance ReMix).mp3 
C:\Program Files\StepMania\Songs\new\in the end\In the End.mp3 
C:\Program Files\StepMania\Songs\new\Jenova\NG11852.mp3 
C:\Program Files\StepMania\Songs\new\KISS KISS\KISS KISS.mp3 
C:\Program Files\StepMania\Songs\new\Knights Of Cydonia\ Muse - Knights Of Cydonia.mp3 
C:\Program Files\StepMania\Songs\new\LAYLA (Speedo Remix)\LAYLA (Speedo Remix).mp3 
C:\Program Files\StepMania\Songs\new\Life's Gonna Suck\Life's Gonna Suck.MP3 
C:\Program Files\StepMania\Songs\new\Little Too Late\Little Too Late.mp3 
C:\Program Files\StepMania\Songs\new\Lonely Day\11 - Lonely Day.mp3 
C:\Program Files\StepMania\Songs\new\mindfeilds\06 - MindfieldsMIXED.mp3 
C:\Program Files\StepMania\Songs\new\Mr. Brightside\Mr. Brightside.mp3 
C:\Program Files\StepMania\Songs\new\Mr. Jack\System_of_a_down - mr_jack.mp3 
C:\Program Files\StepMania\Songs\new\Muse Super Massive Black Hole\Muse Super Massive Black Hole.mp3 
C:\Program Files\StepMania\Songs\new\NEVER ENDING STORY\NEVER ENDING STORY.mp3 
C:\Program Files\StepMania\Songs\new\NEW CANCER\NEW CANCER.mp3 
C:\Program Files\StepMania\Songs\new\Numb\sm_numb.mp3 
C:\Program Files\StepMania\Songs\new\Papa Roach - Last Resort\Papa Roach - Last Resort.mp3 
C:\Program Files\StepMania\Songs\new\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement.mp3 
C:\Program Files\StepMania\Songs\new\SHE WILL BE LOVED (Factory Speedo Mix)\SHE WILL BE LOVED (Factory Speedo Mix).mp3 
C:\Program Files\StepMania\Songs\new\Sky Is Over\06 Sky Is Over.mp3 
C:\Program Files\StepMania\Songs\new\Spiders\05 Spiders.mp3 
C:\Program Files\StepMania\Songs\new\Summer Shudder\Summer Shudder.mp3 
C:\Program Files\StepMania\Songs\new\SYMPHONY No.9\SYMPHONY No.9.mp3 
C:\Program Files\StepMania\Songs\new\Thank you for the Venom\09-my_chemical_romance-thank_you_for_the_venom-rtb.mp3 
C:\Program Files\StepMania\Songs\new\The Kill\02 The Kill.mp3 
C:\Program Files\StepMania\Songs\new\The Only Difference\The Only Difference Between Martyrdom and Suicide Is Press Coverage.mp3 
C:\Program Files\StepMania\Songs\new\THE PROMISE YOU MADE\THE PROMISE YOU MADE - KATE RYAN.mp3 
C:\Program Files\StepMania\Songs\new\The Used - Take it Away\The Used - Take it Away.mp3 
C:\Program Files\StepMania\Songs\new\Time is Running Out\Time is Running Out.mp3 
C:\Program Files\StepMania\Songs\new\TOXIC (The Trance-Speedo Mix)\TOXIC (The Trance-Speedo Mix).mp3 
C:\Program Files\StepMania\Songs\new\U-Fig\System of a Down - Hypnotize - 07 - U-Fig.mp3 
C:\Program Files\StepMania\Songs\new\Viva La Vida\01 Viva la Vida.mp3 
C:\Program Files\StepMania\Songs\new\Wait and Bleed\Wait and Bleed.mp3 
C:\Program Files\StepMania\Songs\new\WHAT IS LOVE\WHAT IS LOVE.mp3 
C:\Program Files\StepMania\Songs\new\WORD UP\WORD UP.mp3 
C:\Program Files\StepMania\Songs\new2\Ace of Spades\Ace of Spades.mp3 
C:\Program Files\StepMania\Songs\new2\Empty Walls\Serj Tankian - Empty walls(2).mp3 
C:\Program Files\StepMania\Songs\new2\Holy Mountains\08 Holy Mountains.mp3 
C:\Program Files\StepMania\Songs\new2\Jesus of Suburbia\Jesus of Suburbia.mp3 
C:\Program Files\StepMania\Songs\new2\Lie Lie Lie\09 Lie Lie Lie.mp3 
C:\Program Files\StepMania\Songs\new2\Revenga\03 Revenga.mp3 
C:\Program Files\StepMania\Songs\new2\Science\10 Science.mp3 
C:\Program Files\StepMania\Songs\new2\Stealing Society\05 Stealing Society.mp3 
C:\themusic\`a\Dave Matthews Band - Crush (live 12-7-98).WMA 
C:\themusic\`a\Earshot - Get Away.wma 
C:\thevideos\celebrityjeopardies\snl01a[1].wmv 
C:\thevideos\celebrityjeopardies\snl02a[1].wmv 
C:\thevideos\celebrityjeopardies\snl03a[1].wmv 
C:\thevideos\celebrityjeopardies\snl04a[1].wmv 
C:\thevideos\celebrityjeopardies\snl05a[1].wmv 
C:\thevideos\celebrityjeopardies\snl06a[1].wmv 
C:\thevideos\celebrityjeopardies\snl07a[1].wmv 
C:\thevideos\celebrityjeopardies\snl08a[1].wmv 
C:\thevideos\celebrityjeopardies\snl09a[1].wmv 
C:\thevideos\celebrityjeopardies\snl10a[1].wmv 
C:\thevideos\celebrityjeopardies\snl11a[1].wmv 
C:\thevideos\celebrityjeopardies\snl12a[1].wmv 
C:\thevideos\celebrityjeopardies\snl13b[1].wmv 
C:\various files from the desktop\gg's\pmb07.wmv 
C:\various files from the desktop\gg's\pmb07a.wmv 
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\COPYCD.WMV 
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\MDLIB.WMV 
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\RTUNER.WMV 
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\VIZ.WMV 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Cordero__Vamos_Nenas.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Get More with Jukebox Plus.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Imperial_Teen__Sugar.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Slobberbone__Sister_Beams.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\The_Flatlanders__Julia.mp3 
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 
C:\WINDOWS\SYSTEM32\OOBE\IMAGES\TITLE.WMA 
F:\MoveOvers\videos\100706_nyadet_clinch_350.wmv 
F:\MoveOvers\videos\101406_oakdet_clinch_350.wmv 
F:\MoveOvers\videos\muse_kroq07_0001.wmv 
F:\MoveOvers\videos\therally.wmv 
F:\MoveOvers\videos\unholyvid_high.asf 
F:\MoveOvers\videos\kroq2006\+44 - Live From Almost Acoustic Christmas.asf 
F:\MoveOvers\videos\kroq2006\30STM_2006.12.09.asf 
F:\MoveOvers\videos\kroq2006\foo.asf 
F:\MoveOvers\videos\kroq2006\Incubus_2006.12.09.asf 
F:\MoveOvers\videos\kroq2006\kroq_live_hi_live_+44_slimer5.asf 
F:\MoveOvers\videos\kroq2006\kroq_live_hi_live_foofighters_slimer5.asf 
F:\MoveOvers\videos\kroq2006\kroq_live_raconteurs.asf 
F:\MoveOvers\videos\kroq2006\MCR_2006.12.09.asf 
F:\MoveOvers\videos\kroq2006\PanicAtTheDisco_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\paparoach.wmv 
F:\MoveOvers\videos\kroq2006\PAPAROACH30secsFOB.asf 
F:\MoveOvers\videos\kroq2006\Saosin + Wolf Mother.asf 
F:\MoveOvers\videos\kroq2006\Saosin.wmv 
F:\MoveOvers\videos\kroq2006\SheWantsRevenge_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\WMKROQXIII.asf 
F:\MoveOvers\videos\kroq2006\Wolfmother.wmv 
F:\MoveOvers\videos\kroq2006\xAFI_2006.12.09.asf 
F:\MoveOvers\videos\kroq2006\xAngelsAndAirwaves_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\xBeck_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\xFallOutBoy_2006.12.09.asf 
F:\MoveOvers\videos\kroq2006\xGnarlsBarkley_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\xKillers_2006.12.10.asf 
F:\MoveOvers\videos\kroq2006\xkroq_live_evanescence.asf 
F:\MoveOvers\videos\kroq2006\xkroq_live_foo2.asf 
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[11].asf 
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[16].asf 
F:\MoveOvers\videos\kroq2006\snowpatrol\kroq_live_hi[9].asf 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]feeling good.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]hysteria.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]knights of cydonia.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]map of the problematique.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]new born.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]plug in baby.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]ruled by secrecy.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]starlight.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]stockholm syndrome + dead star + hyper music riffs.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]supermassive black hole.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]take a bow.wmv 
F:\MoveOvers\videos\muse_kroq07\[U-8994][T-28556][P-937685]time is running out.wmv 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 theowner6
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:04 AM

Posted 11 December 2011 - 10:26 PM

ComboFix 11-12-11.02 - Steve 12/11/2011 21:41:42.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2510 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
FILE ::
"c:\documents and settings\Default User\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Cordero__Vamos_Nenas.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Imperial_Teen__Sugar.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Slobberbone__Sister_Beams.mp3"
"c:\documents and settings\Default User\My Documents\My Music\The_Flatlanders__Julia.mp3"
"c:\documents and settings\Default User\My Documents\My Music\Vic_Chestnut__Im_Through.mp3"
"c:\documents and settings\Steve\My Documents\My Music\downloads\09D588C5\Protected_03_09_2006_13_56_47.asf"
"c:\documents and settings\Steve\My Documents\My Music\downloads\1B887CF6\Protected_03_13_2006_00_25_47.asf"
"c:\forthedvds\copy's\5thSCresults[1].wmv"
"c:\forthedvds\copy's\5thSCs[1].wmv"
"c:\forthedvds\copy's\booboo[1].wmv"
"c:\forthedvds\copy's\bullseye1[1].wmv"
"c:\forthedvds\copy's\CBSsunday[1].wmv"
"c:\forthedvds\copy's\GGexacta[1].wmv"
"c:\forthedvds\copy's\OneAway-goof[1].wmv"
"c:\forthedvds\copy's\PABgoof[1].wmv"
"c:\forthedvds\copy's\PaPgoof[1].wmv"
"c:\from the 4500\ashlee_snl.wmv"
"c:\from the 4500\moSMB3.wmv"
"c:\from the 4500\VS2001.wmv"
"c:\from the 4500\vsshow2001abc.wmv"
"c:\fromthe2000\cd2\DMB mp3's\54--The Dreaming Tree 07-24-98.wma"
"c:\i386\MDLIB.WMV"
"c:\i386\RTUNER.WMV"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Ambiance.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Classical Interlude 2.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Jazz Groove.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Light Piano.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 1.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Piano Blues 2.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Pop Groove.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Prelude.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Rock Groove.mp3"
"c:\program files\Jasc Software Inc\Paint Shop Photo Album\Music\Sports Night.mp3"
"c:\program files\Sonic\MyDVD\Styles\NTSC\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3"
"c:\program files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\CorporateMotion.mp3"
"c:\program files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1Motion.mp3"
"c:\program files\Sonic\MyDVD\Styles\PAL\DefaultMotionStyles_Lite\DefaultMotionStyles_Lite\Generic1MotionPAL.wmv"
"c:\program files\StepMania\Songs\attack\attack\Attack.mp3"
"c:\program files\StepMania\Songs\new\- Miss Murder\- Miss Murder.mp3"
"c:\program files\StepMania\Songs\new\,Bounce\Bounce.mp3"
"c:\program files\StepMania\Songs\new\,Bubbles\03 Bubbles.mp3"
"c:\program files\StepMania\Songs\new\1,2 STEP (JOHNNY BUDZ RADIO EDIT)\1,2 STEP (JOHNNY BUDZ RADIO EDIT).mp3"
"c:\program files\StepMania\Songs\new\1,2,3,4,007 (SPEED POP MIX)\1,2,3,4,007 (SPEED POP MIX).mp3"
"c:\program files\StepMania\Songs\new\1mswgo\My Spirit Will Go On.mp3"
"c:\program files\StepMania\Songs\new\A THOUSAND MILES (Speedo Mix)\A THOUSAND MILES (Speedo Mix).mp3"
"c:\program files\StepMania\Songs\new\A.D.D\A.D.D.mp3"
"c:\program files\StepMania\Songs\new\A7 Unholy Confessions\Avenged Sevenfold - Unholy Confessions.mp3"
"c:\program files\StepMania\Songs\new\Aerials\System Of A Down - Aerials.mp3"
"c:\program files\StepMania\Songs\new\Aeris Theme\Aeris Theme.mp3"
"c:\program files\StepMania\Songs\new\All Things Will End\All Things Will End.mp3"
"c:\program files\StepMania\Songs\new\Attack\01-system_of_a_down-attack.mp3"
"c:\program files\StepMania\Songs\new\Atwa\Atwa.mp3"
"c:\program files\StepMania\Songs\new\B.Y.O.B\Byob.mp3"
"c:\program files\StepMania\Songs\new\Bat Country\Bat Country.mp3"
"c:\program files\StepMania\Songs\new\BECAUSE OF YOU (The Factory Eurotrance Mix)\BECAUSE OF YOU (The Factory Eurotrance Mix).mp3"
"c:\program files\StepMania\Songs\new\BEER!\BEER!.mp3"
"c:\program files\StepMania\Songs\new\Behind These Hazel Eyes (Speedbreaker Remix)\hazel_eyes_speed.mp3"
"c:\program files\StepMania\Songs\new\Better if you do\09 But It's Better If You Do.mp3"
"c:\program files\StepMania\Songs\new\Bleeding Mascara [Flam's Mix]\02. Bleeding Mascara.mp3"
"c:\program files\StepMania\Songs\new\Blinded in Chains\Blinded in Chains.mp3"
"c:\program files\StepMania\Songs\new\BOB\BOB.mp3"
"c:\program files\StepMania\Songs\new\BOOM!\BOOM!.mp3"
"c:\program files\StepMania\Songs\new\Boss\Boss.mp3"
"c:\program files\StepMania\Songs\new\Breaking The Habit\Breaking The Habit.mp3"
"c:\program files\StepMania\Songs\new\BulletRide\In Flames - Bullet Ride.mp3"
"c:\program files\StepMania\Songs\new\Burn it Down\Burn it Down.mp3"
"c:\program files\StepMania\Songs\new\By the Way\Red Hot Chili Peppers - By the Way.mp3"
"c:\program files\StepMania\Songs\new\China Town\China Town.mp3"
"c:\program files\StepMania\Songs\new\Copy of Mad World\gary_jules_-_mad_world.mp3"
"c:\program files\StepMania\Songs\new\Critical Acclaim\Critical Acclaim.mp3"
"c:\program files\StepMania\Songs\new\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix)\Darude Vs Robert Miles - Children Of The Sandstorm (DJ Extacy Remix).mp3"
"c:\program files\StepMania\Songs\new\Day of the Baphomets\Day of the Baphomets.mp3"
"c:\program files\StepMania\Songs\new\Disturbed - Land Of Confusion\Disturbed - Land Of Confusion.mp3"
"c:\program files\StepMania\Songs\new\DO YOU WANT TO (Dance Version)\DO YOU WANT TO (Dance Version).mp3"
"c:\program files\StepMania\Songs\new\Enter The Sandman\22-Metallica - Enter Sandman.mp3"
"c:\program files\StepMania\Songs\new\Epic of Time Wasted\Epic of Time Wasted.mp3"
"c:\program files\StepMania\Songs\new\EVERYBODY 2 THE SUN (Scorccio Radio Mix)\EVERYBODY 2 THE SUN (Scorccio Radio Mix).mp3"
"c:\program files\StepMania\Songs\new\Haunted\Haunted.mp3"
"c:\program files\StepMania\Songs\new\HUNGRY LIKE THE WOLF\HUNGRY LIKE THE WOLF.mp3"
"c:\program files\StepMania\Songs\new\I'll Fly With You\Gigi D'Agostino - L'amour Toujours - I'll Fly With You (Short Trance ReMix).mp3"
"c:\program files\StepMania\Songs\new\I HOPE YOU DIE\I HOPE YOU DIE.mp3"
"c:\program files\StepMania\Songs\new\I Write Sins Not Tradgedies\I Write Sins, Not Tradgedies.mp3"
"c:\program files\StepMania\Songs\new\in the end\In the End.mp3"
"c:\program files\StepMania\Songs\new\Jenova\NG11852.mp3"
"c:\program files\StepMania\Songs\new\KISS KISS\KISS KISS.mp3"
"c:\program files\StepMania\Songs\new\Knights Of Cydonia\ Muse - Knights Of Cydonia.mp3"
"c:\program files\StepMania\Songs\new\LAYLA (Speedo Remix)\LAYLA (Speedo Remix).mp3"
"c:\program files\StepMania\Songs\new\Life's Gonna Suck\Life's Gonna Suck.MP3"
"c:\program files\StepMania\Songs\new\Little Too Late\Little Too Late.mp3"
"c:\program files\StepMania\Songs\new\Lonely Day\11 - Lonely Day.mp3"
"c:\program files\StepMania\Songs\new\mindfeilds\06 - MindfieldsMIXED.mp3"
"c:\program files\StepMania\Songs\new\Mr. Brightside\Mr. Brightside.mp3"
"c:\program files\StepMania\Songs\new\Mr. Jack\System_of_a_down - mr_jack.mp3"
"c:\program files\StepMania\Songs\new\Muse Super Massive Black Hole\Muse Super Massive Black Hole.mp3"
"c:\program files\StepMania\Songs\new\NEVER ENDING STORY\NEVER ENDING STORY.mp3"
"c:\program files\StepMania\Songs\new\NEW CANCER\NEW CANCER.mp3"
"c:\program files\StepMania\Songs\new\Numb\sm_numb.mp3"
"c:\program files\StepMania\Songs\new\Papa Roach - Last Resort\Papa Roach - Last Resort.mp3"
"c:\program files\StepMania\Songs\new\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement\Serenade No. 13 in G major, K. 525, EINE KLEINE NACHATMUSIK - 1st Movement.mp3"
"c:\program files\StepMania\Songs\new\SHE WILL BE LOVED (Factory Speedo Mix)\SHE WILL BE LOVED (Factory Speedo Mix).mp3"
"c:\program files\StepMania\Songs\new\Sky Is Over\06 Sky Is Over.mp3"
"c:\program files\StepMania\Songs\new\Spiders\05 Spiders.mp3"
"c:\program files\StepMania\Songs\new\Summer Shudder\Summer Shudder.mp3"
"c:\program files\StepMania\Songs\new\SYMPHONY No.9\SYMPHONY No.9.mp3"
"c:\program files\StepMania\Songs\new\Thank you for the Venom\09-my_chemical_romance-thank_you_for_the_venom-rtb.mp3"
"c:\program files\StepMania\Songs\new\The Kill\02 The Kill.mp3"
"c:\program files\StepMania\Songs\new\The Only Difference\The Only Difference Between Martyrdom and Suicide Is Press Coverage.mp3"
"c:\program files\StepMania\Songs\new\THE PROMISE YOU MADE\THE PROMISE YOU MADE - KATE RYAN.mp3"
"c:\program files\StepMania\Songs\new\The Used - Take it Away\The Used - Take it Away.mp3"
"c:\program files\StepMania\Songs\new\Time is Running Out\Time is Running Out.mp3"
"c:\program files\StepMania\Songs\new\TOXIC (The Trance-Speedo Mix)\TOXIC (The Trance-Speedo Mix).mp3"
"c:\program files\StepMania\Songs\new\U-Fig\System of a Down - Hypnotize - 07 - U-Fig.mp3"
"c:\program files\StepMania\Songs\new\Viva La Vida\01 Viva la Vida.mp3"
"c:\program files\StepMania\Songs\new\Wait and Bleed\Wait and Bleed.mp3"
"c:\program files\StepMania\Songs\new\WHAT IS LOVE\WHAT IS LOVE.mp3"
"c:\program files\StepMania\Songs\new\WORD UP\WORD UP.mp3"
"c:\program files\StepMania\Songs\new2\Ace of Spades\Ace of Spades.mp3"
"c:\program files\StepMania\Songs\new2\Empty Walls\Serj Tankian - Empty walls(2).mp3"
"c:\program files\StepMania\Songs\new2\Holy Mountains\08 Holy Mountains.mp3"
"c:\program files\StepMania\Songs\new2\Jesus of Suburbia\Jesus of Suburbia.mp3"
"c:\program files\StepMania\Songs\new2\Lie Lie Lie\09 Lie Lie Lie.mp3"
"c:\program files\StepMania\Songs\new2\Revenga\03 Revenga.mp3"
"c:\program files\StepMania\Songs\new2\Science\10 Science.mp3"
"c:\program files\StepMania\Songs\new2\Stealing Society\05 Stealing Society.mp3"
"c:\themusic\`a\Dave Matthews Band - Crush (live 12-7-98).WMA"
"c:\themusic\`a\Earshot - Get Away.wma"
"c:\thevideos\celebrityjeopardies\snl01a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl02a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl03a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl04a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl05a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl06a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl07a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl08a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl09a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl10a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl11a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl12a[1].wmv"
"c:\thevideos\celebrityjeopardies\snl13b[1].wmv"
"c:\various files from the desktop\gg's\pmb07.wmv"
"c:\various files from the desktop\gg's\pmb07a.wmv"
"c:\windows\Help\Tours\WindowsMediaPlayer\Video\COPYCD.WMV"
"c:\windows\Help\Tours\WindowsMediaPlayer\Video\MDLIB.WMV"
"c:\windows\Help\Tours\WindowsMediaPlayer\Video\RTUNER.WMV"
"c:\windows\Help\Tours\WindowsMediaPlayer\Video\VIZ.WMV"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Cordero__Vamos_Nenas.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Get More with Jukebox Plus.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Imperial_Teen__Sugar.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Slobberbone__Sister_Beams.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\The_Flatlanders__Julia.mp3"
"c:\windows\SYSTEM32\CONFIG\systemprofile\My Documents\My Music\Vic_Chestnut__Im_Through.mp3"
"c:\windows\SYSTEM32\OOBE\IMAGES\TITLE.WMA"
"f:\moveovers\videos\100706_nyadet_clinch_350.wmv"
"f:\moveovers\videos\101406_oakdet_clinch_350.wmv"
"f:\moveovers\videos\kroq2006\+44 - Live From Almost Acoustic Christmas.asf"
"f:\moveovers\videos\kroq2006\30STM_2006.12.09.asf"
"f:\moveovers\videos\kroq2006\foo.asf"
"f:\moveovers\videos\kroq2006\Incubus_2006.12.09.asf"
"f:\moveovers\videos\kroq2006\kroq_live_hi_live_+44_slimer5.asf"
"f:\moveovers\videos\kroq2006\kroq_live_hi_live_foofighters_slimer5.asf"
"f:\moveovers\videos\kroq2006\kroq_live_raconteurs.asf"
"f:\moveovers\videos\kroq2006\MCR_2006.12.09.asf"
"f:\moveovers\videos\kroq2006\PanicAtTheDisco_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\paparoach.wmv"
"f:\moveovers\videos\kroq2006\PAPAROACH30secsFOB.asf"
"f:\moveovers\videos\kroq2006\Saosin + Wolf Mother.asf"
"f:\moveovers\videos\kroq2006\Saosin.wmv"
"f:\moveovers\videos\kroq2006\SheWantsRevenge_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\snowpatrol\kroq_live_hi[11].asf"
"f:\moveovers\videos\kroq2006\snowpatrol\kroq_live_hi[16].asf"
"f:\moveovers\videos\kroq2006\snowpatrol\kroq_live_hi[9].asf"
"f:\moveovers\videos\kroq2006\WMKROQXIII.asf"
"f:\moveovers\videos\kroq2006\Wolfmother.wmv"
"f:\moveovers\videos\kroq2006\xAFI_2006.12.09.asf"
"f:\moveovers\videos\kroq2006\xAngelsAndAirwaves_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\xBeck_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\xFallOutBoy_2006.12.09.asf"
"f:\moveovers\videos\kroq2006\xGnarlsBarkley_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\xKillers_2006.12.10.asf"
"f:\moveovers\videos\kroq2006\xkroq_live_evanescence.asf"
"f:\moveovers\videos\kroq2006\xkroq_live_foo2.asf"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]feeling good.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]hysteria.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]knights of cydonia.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]map of the problematique.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]new born.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]plug in baby.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]ruled by secrecy.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]starlight.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]stockholm syndrome + dead star + hyper music riffs.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]supermassive black hole.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]take a bow.wmv"
"f:\moveovers\videos\muse_kroq07\[U-8994][T-28556][P-937685]time is running out.wmv"
"f:\moveovers\videos\muse_kroq07_0001.wmv"
"f:\moveovers\videos\therally.wmv"
"f:\moveovers\videos\unholyvid_high.asf"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Steve\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Steve\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\0x0409.ini
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\1033.MST
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\BACS.msi
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-11 05:21 . 2011-12-11 05:21 -------- d-----w- c:\program files\ESET
2011-12-03 23:25 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 23:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 23:25 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 23:25 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 23:25 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 23:25 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-03 23:25 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-03 23:25 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-03 23:25 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 23:25 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\program files\AVAST Software
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
3427-09-26 03:40 . 2005-12-08 06:32 418 ----a-w- c:\windows\Fonts\_ReadMe.txt
2011-11-22 01:29 . 2011-06-25 18:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 16:31 . 2011-10-23 16:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-03 09:06 . 2011-10-23 21:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2009-01-24 23:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2000-08-30 19:46 . 2000-08-30 19:46 1807072 ------w- c:\program files\vcredist.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_00.29.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-12 03:11 . 2011-12-12 03:11 16384 c:\windows\Temp\Perflib_Perfdata_b78.dat
+ 2005-06-17 13:05 . 2011-12-11 04:29 71640 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-06-17 13:05 . 2011-12-10 16:47 71640 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-06-17 13:05 . 2011-12-11 04:29 440606 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-06-17 13:05 . 2011-12-10 16:47 440606 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-24 395640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-07-01 71280]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"2wSysTray"="c:\program files\2Wire\Gateway\2PortalMon.exe" [2002-11-14 446464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-03-10 778348]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-10-26 100056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-28 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2006-02-23 20:54 704512 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-09-19 04:02 7083056 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-24 21:28 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2002-08-27 15:55 1421312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [12/3/2011 6:25 PM 435032]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/3/2011 6:25 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/3/2011 6:25 PM 20568]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 2:34 PM 1361288]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [5/2/2011 11:19 AM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2008 12:13 AM 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\SYSTEM32\DRIVERS\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\SYSTEM32\DRIVERS\LHidEqd.sys [6/17/2009 11:55 AM 10384]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2011 4:30 PM 136176]
S3 usbu2a;UsbU2A;c:\windows\SYSTEM32\DRIVERS\usbu2a.sys [8/30/2001 4:14 PM 5108]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [3/6/2010 11:53 PM 85504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 10:36]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733856361-3488808524-2105740647-1007UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:48]
.
2011-12-10 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-11-21 22:22]
.
2011-12-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1733856361-3488808524-2105740647-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-06-17 23:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\yt0e8zcc.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Steve\Application Data\Move Networks
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 22:12
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(4656)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
f:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
c:\program files\Belkin\Router Setup and Monitor\ndis_events.exe
.
**************************************************************************
.
Completion time: 2011-12-11 22:18:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 03:18
ComboFix2.txt 2011-12-11 04:32
ComboFix3.txt 2011-12-11 00:37
.
Pre-Run: 36,466,384,896 bytes free
Post-Run: 36,449,112,064 bytes free
.
- - End Of File - - 48601B5FDDD72D8945547790FFB9B14D

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 AM

Posted 11 December 2011 - 10:47 PM

Hi,

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 29
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
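As an added example (not code from this thread, from CatByte, or from any of the tools whose output is posted above), here is a small Python triage script for the kinds of lines a DDS or ComboFix log contains. It flags the items a responder reviews first when a user reports redirected search results: an Internet Explorer ProxyServer pointing at an address outside the LAN (the logs above carry `58.241.86.19:8080`), the Windows Firewall standard profile switched off, Security Center monitoring disabled for a product, and a BrowserJavaVersion older than the 6u29 update CatByte asks for. The sample log is a constructed excerpt modelled on the posted output; the minimum-version tuple, the function names and the wording of the findings are this example's own conventions.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the DDS / ComboFix lines posted in this thread.
# Assumption: a real run would read the saved log file instead of this string.
SAMPLE_LOG = r"""
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)")
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)_(\d+)")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
SECTION_RE = re.compile(r"^\[(.+)\]$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$')


def parse_proxy(log: str) -> Optional[Tuple[str, Optional[int]]]:
    """Return (host, port) from the first u/mInternet ProxyServer line, or None."""
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            value = m.group(1)
            # IE may store per-protocol entries ("http=host:port;https=..."); take the first.
            value = value.split(";")[0].split("=")[-1]
            host, sep, port = value.rpartition(":")
            if not sep:
                return value, None
            return host, (int(port) if port.isdigit() else None)
    return None


def proxy_is_external(host: str) -> bool:
    """True when the proxy host is a public IP (not private, loopback or link-local).

    Hostnames are not resolved offline and are returned as True so they get reviewed.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def parse_java_version(log: str) -> Optional[Tuple[int, int, int, int]]:
    """Return the DDS BrowserJavaVersion as (major, minor, patch, update)."""
    m = JAVA_RE.search(log)
    return tuple(int(g) for g in m.groups()) if m else None  # type: ignore[return-value]


def _fmt_java(v: Tuple[int, int, int, int]) -> str:
    return "%d.%d.%d_%d" % v


def triage(log: str, min_java: Tuple[int, int, int, int] = (1, 6, 0, 29)) -> List[str]:
    """Walk the log once and return human-readable findings in log order."""
    findings: List[str] = []

    proxy = parse_proxy(log)
    if proxy is not None:
        host, port = proxy
        if proxy_is_external(host):
            findings.append(f"proxy: IE ProxyServer set to non-LAN address {host}:{port}")

    java = parse_java_version(log)
    if java is not None and java < min_java:
        findings.append(f"java: BrowserJavaVersion {_fmt_java(java)} is older than {_fmt_java(min_java)}")

    # Registry-style blocks: remember the current [section] so a value can be attributed.
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if FIREWALL_OFF_RE.match(line) and "firewallpolicy" in section.lower():
            findings.append(f"firewall: EnableFirewall=0 in {section}")
        if DISABLE_MON_RE.match(line) and "security center\\monitoring" in section.lower():
            product = section.rsplit("\\", 1)[-1]
            findings.append(f"security center: monitoring disabled for {product}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Running it against the constructed excerpt reports the external proxy, the disabled firewall profile and the disabled Security Center monitoring; the Java line is not reported because 1.6.0_29 meets the threshold, whereas an older build such as 1.6.0_17 would be. The proxy check deliberately treats unresolved hostnames as "review", since the script runs offline and cannot tell a LAN appliance from an arbitrary host.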


#9 theowner6

theowner6
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 14 December 2011 - 02:00 AM

Not being redirected anymore, browsers haven't been getting stuck from what I've noticed, and overall performance is much smoother--I think it's about as smooth as a nine-year-old computer could get. Here's my new DDS...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by Steve at 22:53:50 on 2011-12-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2208 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\program files\real\realplayer\update\realsched.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 58.241.86.19:8080
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Yahoo! Companion BHO: {13f537f0-af09-11d6-9029-0002b31f9e59} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [2wSysTray] c:\program files\2wire\gateway\2PortalMon.exe
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - f:\program files\logitech\setpoint\SetPoint.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2E062718-4B2D-4926-9E31-36ECB6F4F273} - hxxp://www.worldwinner.com/games/v46/nhltrivia/nhltrivia.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{45265EA1-93CA-4D06-AE8A-AA0A6AB6C7CA} : DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{91666777-968D-44C5-8ECD-24FFF2601D47} : DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\steve\application data\mozilla\firefox\profiles\yt0e8zcc.default user\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\steve\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\steve\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\steve\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\steve\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-3 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-3 314456]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2003-11-21 37056]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-3 44768]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-21 255600]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-11-21 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-21 235120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-5-2 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-14 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\common files\\system\\smss.exe --> c:\program files\common files\\system\\smss.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-21 87664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2003-11-21 158664]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051007.016\NAVENG.Sys [2005-10-10 77816]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051007.016\NavEx15.Sys [2005-10-10 665816]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2003-11-21 308416]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2003-11-21 193816]
S3 usbu2a;UsbU2A;c:\windows\system32\drivers\usbu2a.sys [2001-8-30 5108]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-3-6 85504]
.
=============== Created Last 30 ================
.
2011-12-13 16:35:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-11 05:21:13 -------- d-----w- c:\program files\ESET
2011-12-10 23:45:17 -------- d-sha-r- C:\cmdcons
2011-12-10 23:42:16 98816 ----a-w- c:\windows\sed.exe
2011-12-10 23:42:16 518144 ----a-w- c:\windows\SWREG.exe
2011-12-10 23:42:16 256000 ----a-w- c:\windows\PEV.exe
2011-12-10 23:42:16 208896 ----a-w- c:\windows\MBR.exe
2011-12-03 23:25:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 23:25:07 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 23:24:54 -------- d-----w- c:\program files\AVAST Software
2011-12-03 23:24:54 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-12-13 16:35:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-22 01:29:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 16:31:19 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2000-08-30 19:46:18 1807072 ------w- c:\program files\vcredist.exe
.
============= FINISH: 22:55:29.82 ===============

#10 CatByte
  • Malware Response Team

Posted 14 December 2011 - 06:33 AM

Your logs indicate two antivirus products installed:

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}

You should only have one; more than one will cause system slowdowns, conflicts and crashes.

To remove all traces of the AV, uninstall the one you don't want to keep from Add/Remove programs, then use the removal tool to get rid of leftovers:

Norton has a tool that will remove all of its products from failed uninstalls or installs
  • Download the appropriate Norton Removal Tool from HERE and save it to your desktop.
  • Next, double-click on Norton_Removal_Tool.exe to run the tool.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.



Avast removal tool:

http://www.avast.com/eng/avast-uninstall-utility.html
How to uninstall our software using aswClear.exe:
  • Download aswClear.exe on to your desktop
  • Open (execute) it
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer


The rest of the log appears to be clean; we just need to clean up our tools. Please do the following:


You can delete the TDSSKiller, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
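The checks the reply above makes by eye (two AV products installed, which name servers DHCP handed out, where the Firefox search prefs point, and services whose file DDS could not find) can be scripted against the DDS log. The following Python is an added example, not a BleepingComputer or DDS tool; it assumes the DDS line formats exactly as printed in this thread and uses a handful of lines copied from these logs as constructed sample input.

```python
"""Triage a DDS log for the items an analyst checks first.

Added example, not a BleepingComputer or DDS tool. Assumptions (not stated in
the thread): DDS prints `AV:` product lines as `AV: <name> *<state>/<sigs>*`,
`TCP: ... DhcpNameServer = <ip> <ip> ...` lines, `FF - prefs.js: <pref> - <value>`
lines, and `R#/S# <name>;<display>;<path> [date size]` service lines where the
trailing bracket is `[?]` when DDS could not find the file. URLs are defanged
as `hxxp://`.
"""
import ipaddress
import re

# Constructed sample: lines copied from the DDS logs in this thread.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Disabled*
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 72.240.13.7 72.240.13.6 156.154.70.43
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-3 44768]
S2 COM+ Event System (EventSystem);COM+ Event System (EventSystem);c:\program files\common files\\system\\smss.exe --> c:\program files\common files\\system\\smss.exe [?]
S3 33d9464c-a926-47c9-bb08-64fe92de773a;33d9464c-a926-47c9-bb08-64fe92de773a;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
"""

AV_RE = re.compile(r"^AV:\s+(.+?)\s+\*([^/*]+)/([^*]+)\*")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.+)$")
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
HOST_RE = re.compile(r"^hxxps?://([^/]+)", re.IGNORECASE)

# Prefs that decide where typed searches and the home page go; search
# hijackers rewrite these, so the host they point at is worth reading.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}


def is_public(ip: str) -> bool:
    """True for a routable address, False for RFC1918/loopback or garbage."""
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(log: str) -> dict:
    """Return the findings an analyst would pull out of a DDS log."""
    av = []            # (product, real-time state, signature state)
    dns = []           # name servers in first-seen order, de-duplicated
    search = {}        # pref name -> host it points at
    unresolvable = []  # services whose binary DDS could not find
    for raw in log.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            av.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = DNS_RE.search(line)
        if m:
            for ip in m.group(1).split():
                if ip not in dns:
                    dns.append(ip)
            continue
        m = PREF_RE.match(line)
        if m:
            host = HOST_RE.match(m.group(2))
            if m.group(1) in SEARCH_PREFS and host:
                search[m.group(1)] = host.group(1).lower()
            continue
        m = SVC_RE.match(line)
        if m and m.group(2).rstrip().endswith("[?]"):
            unresolvable.append(m.group(1))

    return {
        "av_products": [name for name, _, _ in av],
        "multiple_av": len(av) > 1,
        "av_disabled": [name for name, state, _ in av if state.lower() == "disabled"],
        "public_dns": [ip for ip in dns if is_public(ip)],
        "search_prefs": search,
        "unresolvable_services": unresolvable,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the findings for the sample, or pass a whole DDS log to triage(). An entry in unresolvable_services only means DDS could not stat the file at the registered path; stale registrations left behind by uninstalled software produce the same marker, so treat it as a pointer to check rather than a verdict. The public_dns list is for comparing against the resolvers the ISP or router is expected to hand out.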


#11 theowner6
  • Topic Starter

Posted 14 December 2011 - 04:21 PM

Thank you for your assistance and for replying much more quickly than the amount of time I was led to believe this would take. :).

#12 CatByte
  • Malware Response Team

Posted 14 December 2011 - 05:43 PM

you are welcome

stay safe :hello:

~CB



#13 CatByte
  • Malware Response Team

Posted 14 December 2011 - 05:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





