
Infected with TDL4@MBR Rookit


  • This topic is locked
9 replies to this topic

#1 Tallgeese3


Posted 08 January 2012 - 03:37 PM

Original post-

http://www.bleepingcomputer.com/forums/topic436940.html/page__gopid__2544103#entry2544103

Problem: One svchost.exe process goes haywire and eats up tons of memory and CPU, causing my computer to lock up.

DDS Report-

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Ray at 11:47:36 on 2012-01-08
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Ray\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - c:\program files\road_runner\prxtbRoa0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - c:\program files\road_runner\prxtbRoa0.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - c:\program files\road_runner\prxtbRoa0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Power2GoExpress] NA
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TFncKy] TFncKy.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: r2games.com\cs
Trusted Zone: r2games.com\platform
Trusted Zone: rr.com\www
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3FD7B931-4F1C-454E-8866-DA4DDB7AB55E} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3FD7B931-4F1C-454E-8866-DA4DDB7AB55E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E3155360-C534-4C96-8752-09C54973E8AA} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E3155360-C534-4C96-8752-09C54973E8AA} : DhcpNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ray\application data\mozilla\firefox\profiles\699umw53.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio TV 1 Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ray\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 97f7ecf8-8d4a-4308-980d-5195ce0472ca
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
============= SERVICES / DRIVERS ===============
.
R? A5AGU;D-Link USB Wireless Network Adapter Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? MEMSWEEP2;MEMSWEEP2
R? PROCEXP151;PROCEXP151
R? TomTomHOMEService;TomTomHOMEService
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? BHDrvx86;BHDrvx86
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? N360;Norton 360
S? NAUpdate;@c:\program files\nero\update\NASvc.exe,-200
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? pavboot;pavboot
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== Created Last 30 ================
.
2012-01-07 20:07:12 -------- d-----w- c:\documents and settings\ray\application data\Malwarebytes
2012-01-07 20:06:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-06 08:47:58 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-06 08:45:39 -------- d-----w- c:\program files\Panda Security
2011-12-30 08:41:00 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-30 08:40:59 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-30 08:40:59 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-30 08:40:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-22 10:32:56 -------- d-----w- c:\documents and settings\ray\local settings\application data\Nikon
2011-12-22 10:18:19 57344 ----a-r- c:\documents and settings\ray\application data\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2011-12-22 10:04:48 -------- d-----w- c:\program files\common files\Nikon
2011-12-22 10:04:01 -------- d-----w- c:\program files\Nikon
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:19:10 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 03:45:57 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-11-14 03:45:57 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-12 03:13:26 186880 -c----w- c:\windows\system32\searchprotocolhost.exe
2011-11-09 16:03:10 114688 ----a-w- c:\windows\system32\DVDRAMSV.exe
2011-11-09 16:02:35 36864 ----a-w- c:\windows\system32\acs.exe
2011-11-09 16:02:12 380928 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 23:26:22 94208 -c--a-w- c:\windows\system32\dpl100.dll
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8032GSX rev.AS111G -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x849B049F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x849b7738]; MOV EAX, [0x849b78ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x84F37030]
3 CLASSPNP[0xF77F0FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x84BAA540]
\Driver\atapi[0x84A23BC0] -> IRP_MJ_CREATE -> 0x849B049F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x849B02C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:53:01.37 ===============

GMER Report-

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 13:11:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8032GSX rev.AS111G
Running: zlugbbh6.exe; Driver: C:\DOCUME~1\Ray\LOCALS~1\Temp\pwrdyfog.sys


---- System - GMER 1.0.15 ----

SSDT 84A5B110 ZwAlertResumeThread
SSDT 84A5AD50 ZwAlertThread
SSDT 84C5E768 ZwAllocateVirtualMemory
SSDT 84A5E368 ZwAssignProcessToJobObject
SSDT 83F05FB0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFAD9710]
SSDT 84AB5968 ZwCreateMutant
SSDT 84ACACA0 ZwCreateSymbolicLinkObject
SSDT 84EC18B8 ZwCreateThread
SSDT 84A5D530 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEFAD9990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFAD9EF0]
SSDT 83EE1B68 ZwDuplicateObject
SSDT 84A87430 ZwFreeVirtualMemory
SSDT 84A5B4E0 ZwImpersonateAnonymousToken
SSDT 84A5B2A8 ZwImpersonateThread
SSDT 83F69AE0 ZwLoadDriver
SSDT 84C06C00 ZwMapViewOfSection
SSDT 84A5B718 ZwOpenEvent
SSDT 84A5C228 ZwOpenProcess
SSDT 84A56F30 ZwOpenProcessToken
SSDT 84A5CC18 ZwOpenSection
SSDT 84A742A8 ZwOpenThread
SSDT 84AC9F50 ZwProtectVirtualMemory
SSDT 84A5AB50 ZwResumeThread
SSDT 84A58AC8 ZwSetContextThread
SSDT 84A99C50 ZwSetInformationProcess
SSDT 84A5CF30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFADA140]
SSDT 84A5B8B0 ZwSuspendProcess
SSDT 84A5A9B8 ZwSuspendThread
SSDT 84A56870 ZwTerminateProcess
SSDT 84A5A758 ZwTerminateThread
SSDT 84A578B0 ZwUnmapViewOfSection
SSDT 84C67080 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Ray\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 017F000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0218000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 02F2000A
.text C:\WINDOWS\System32\svchost.exe[1080] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 0094000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016EB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 849B02C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 849B02C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 849B02C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 849B02C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 849B02C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 849B02C6

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x02 0xAE 0x99 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0x90 0xF3 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xE7 0x14 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x0D 0xB3 0xDF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x02 0xAE 0x99 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0x90 0xF3 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xE7 0x14 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x0D 0xB3 0xDF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe@ C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe@Path C:\Program Files\Adobe\Reader 10.0\Reader\
Reg HKLM\SOFTWARE\Classes\CLSID\{0ae45833-e763-4b6d-b070-b1c4bae96637}@Model 255
Reg HKLM\SOFTWARE\Classes\CLSID\{0ae45833-e763-4b6d-b070-b1c4bae96637}@Therad 1
Reg HKLM\SOFTWARE\Classes\CLSID\{0ae45833-e763-4b6d-b070-b1c4bae96637}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xF8 0x93 0x46 0xAF ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\EfaData\SYMEFA.DB-journal 512 bytes

---- EOF - GMER 1.0.15 ----

Edited by Tallgeese3, 08 January 2012 - 04:24 PM.



#2 SweetTech


Posted 09 January 2012 - 10:49 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
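The TDSSKiller report requested above is plain text, and a helper can pull the few things a reviewer cares about out of it: which driver images were hashed, what verdict each object got, and which objects got anything other than "ok". The script below is an added example written for this thread; it is not part of the original posts and is not Kaspersky's own code. It assumes the line shape visible in the log quoted later in the thread (timestamp, thread id, then either `name (md5) path` or `name - status`); the sample lines are constructed from that log, and the final "detected TDL4" line is invented here purely to exercise the flagging branch.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the TDSSKiller log lines quoted in this thread.
# The last line ("detected TDL4") is invented here to exercise the flagging
# branch; it is not output copied from the real tool.
SAMPLE_LOG = r"""
16:06:31.0187 2748 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:06:33.0328 2748 ============================================================
16:06:54.0046 1628 Scan started
16:06:59.0078 1628 A5AGU (304d8a51672c760f5d92d73652e8fbfc) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
16:06:59.0125 1628 A5AGU - ok
16:06:59.0140 1628 Abiosdsk - ok
16:07:01.0046 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:07:01.0046 1628 atapi - ok
16:07:05.0000 1628 \Device\Harddisk0\DR0 - detected TDL4
"""

# Every log line: timestamp, thread id, then free text.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "name (md5) path": the tool hashed a driver/service image found on disk.
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "name - status": the verdict for that object ("ok", or something to look at).
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Triage:
    files: dict = field(default_factory=dict)     # name -> (md5, path)
    statuses: dict = field(default_factory=dict)  # name -> status text
    flagged: list = field(default_factory=list)   # (name, status) where status != "ok"

    def without_file(self):
        """Objects that received a verdict but no hashed-file line (nothing on disk was hashed)."""
        return sorted(n for n in self.statuses if n not in self.files)


def parse_tdsskiller_log(text):
    """Parse TDSSKiller-style log text into a Triage summary."""
    triage = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and banner text that is not in the expected shape
        rest = m.group("rest")
        f = FILE_RE.match(rest)
        if f:
            triage.files[f.group("name")] = (f.group("md5"), f.group("path"))
            continue
        s = STATUS_RE.match(rest)
        if s:
            name, status = s.group("name"), s.group("status")
            triage.statuses[name] = status
            if status != "ok":
                triage.flagged.append((name, status))
    return triage


if __name__ == "__main__":
    t = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(t.files)} hashed files, {len(t.statuses)} verdicts, {len(t.flagged)} flagged")
    for name, status in t.flagged:
        print(f"  REVIEW: {name} -> {status}")
    for name in t.without_file():
        print(f"  no hashed file recorded for: {name}")
```

Run it against a real report by replacing `SAMPLE_LOG` with the file contents; anything listed under REVIEW is what the helper would ask to see pasted, and the `without_file` list separates service entries the tool could not hash from those it actually inspected.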


#3 Tallgeese3


Posted 09 January 2012 - 02:20 PM

Thanks for the response. To begin with, I actually jumped the gun yesterday and googled the rootkit after I found out what it was, and was led to a few posts on this forum. I read through all of them and ended up downloading TDSSKiller and using it. I didn't change the parameters, and when the scan was finished the only problem it found was the TDL4 rootkit. I used Cure and then rebooted. That's all I've done so far. Since I've done this my computer has been running pretty smoothly and svchost.exe is no longer going haywire.


First TDSSKILLER SCAN-

16:06:31.0187 2748 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:06:33.0328 2748 ============================================================
16:06:33.0328 2748 Current date / time: 2012/01/08 16:06:33.0328
16:06:33.0328 2748 SystemInfo:
16:06:33.0328 2748
16:06:33.0328 2748 OS Version: 5.1.2600 ServicePack: 3.0
16:06:33.0359 2748 Product type: Workstation
16:06:33.0359 2748 ComputerName: TOSHIBA-USER
16:06:33.0390 2748 UserName: Ray
16:06:33.0390 2748 Windows directory: C:\WINDOWS
16:06:33.0421 2748 System windows directory: C:\WINDOWS
16:06:33.0421 2748 Processor architecture: Intel x86
16:06:33.0421 2748 Number of processors: 1
16:06:33.0421 2748 Page size: 0x1000
16:06:33.0421 2748 Boot type: Normal boot
16:06:33.0421 2748 ============================================================
16:06:50.0218 2748 Initialize success
16:06:54.0046 1628 ============================================================
16:06:54.0046 1628 Scan started
16:06:54.0046 1628 Mode: Manual;
16:06:54.0046 1628 ============================================================
16:07:23.0812 1628 MBR (0x1B8) (97b4ed14b2045edaea29463a79412b77) \Device\Harddisk0\DR0
16:07:23.0828 1628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:07:23.0828 1628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:07:23.0859 1628 Boot (0x1200) (f4974ca8055ba8a1f543aae154dad46c) \Device\Harddisk0\DR0\Partition0
16:07:23.0875 1628 \Device\Harddisk0\DR0\Partition0 - ok
16:07:23.0890 1628 ============================================================
16:07:23.0890 1628 Scan finished
16:07:23.0890 1628 ============================================================
16:07:23.0906 3712 Detected object count: 1
16:07:23.0906 3712 Actual detected object count: 1
16:07:51.0859 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:07:51.0859 3712 \Device\Harddisk0\DR0 - ok
16:07:51.0859 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:08:20.0156 3800 Deinitialize success


Second TDSSKiller scan -

10:57:49.0578 3736 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:57:50.0500 3736 ============================================================
10:57:50.0500 3736 Current date / time: 2012/01/09 10:57:50.0500
10:57:50.0500 3736 SystemInfo:
10:57:50.0500 3736
10:57:50.0500 3736 OS Version: 5.1.2600 ServicePack: 3.0
10:57:50.0500 3736 Product type: Workstation
10:57:50.0500 3736 ComputerName: TOSHIBA-USER
10:57:50.0500 3736 UserName: Ray
10:57:50.0500 3736 Windows directory: C:\WINDOWS
10:57:50.0500 3736 System windows directory: C:\WINDOWS
10:57:50.0500 3736 Processor architecture: Intel x86
10:57:50.0500 3736 Number of processors: 1
10:57:50.0500 3736 Page size: 0x1000
10:57:50.0500 3736 Boot type: Normal boot
10:57:50.0500 3736 ============================================================
10:57:54.0187 3736 Initialize success
10:58:01.0843 3584 ============================================================
10:58:01.0843 3584 Scan started
10:58:01.0843 3584 Mode: Manual; SigCheck; TDLFS;
10:58:01.0843 3584 ============================================================
10:58:15.0984 3584 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:58:16.0078 3584 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:58:16.0078 3584 AegisP - detected UnsignedFile.Multi.Generic (1)
10:58:30.0062 3584 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:58:30.0109 3584 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0109 3584 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
10:58:30.0156 3584 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:58:30.0203 3584 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0203 3584 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
10:58:30.0359 3584 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS
10:58:30.0375 3584 DLADResN ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0375 3584 DLADResN - detected UnsignedFile.Multi.Generic (1)
10:58:30.0406 3584 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:58:30.0437 3584 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0437 3584 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
10:58:30.0593 3584 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:58:30.0656 3584 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0656 3584 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
10:58:30.0843 3584 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:58:30.0875 3584 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
10:58:30.0875 3584 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
10:58:31.0078 3584 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:58:31.0109 3584 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
10:58:31.0109 3584 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
10:58:31.0250 3584 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:58:31.0359 3584 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
10:58:31.0359 3584 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
10:58:31.0578 3584 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:58:31.0609 3584 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
10:58:31.0609 3584 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
10:58:31.0750 3584 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:58:32.0062 3584 dmboot - ok
10:58:32.0578 3584 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:58:32.0953 3584 dmio - ok
10:58:33.0218 3584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:58:33.0406 3584 dmload - ok
10:58:33.0546 3584 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:58:33.0718 3584 DMusic - ok
10:58:34.0093 3584 dpti2o - ok
10:58:34.0375 3584 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:58:34.0546 3584 drmkaud - ok
10:58:35.0187 3584 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:58:35.0250 3584 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
10:58:35.0250 3584 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
10:58:35.0703 3584 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:58:35.0734 3584 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
10:58:35.0734 3584 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
10:58:36.0265 3584 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:58:36.0531 3584 eeCtrl - ok
10:58:37.0000 3584 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:58:37.0062 3584 EraserUtilRebootDrv - ok
10:58:37.0640 3584 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:58:38.0000 3584 Fastfat - ok
10:58:38.0406 3584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:58:38.0609 3584 Fdc - ok
10:58:39.0015 3584 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:58:39.0484 3584 Fips - ok
10:58:40.0062 3584 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:58:40.0328 3584 Flpydisk - ok
10:58:41.0125 3584 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:58:41.0500 3584 FltMgr - ok
10:58:41.0953 3584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:58:42.0234 3584 Fs_Rec - ok
10:58:42.0718 3584 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:58:43.0062 3584 Ftdisk - ok
10:58:43.0515 3584 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:58:43.0562 3584 GEARAspiWDM - ok
10:58:44.0078 3584 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:58:44.0453 3584 Gpc - ok
10:58:45.0312 3584 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:58:45.0703 3584 HDAudBus - ok
10:58:46.0156 3584 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:58:46.0359 3584 HidUsb - ok
10:58:46.0750 3584 hpn - ok
10:58:46.0828 3584 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:58:46.0984 3584 HTTP - ok
10:58:47.0171 3584 i2omgmt - ok
10:58:47.0250 3584 i2omp - ok
10:58:47.0312 3584 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:58:47.0531 3584 i8042prt - ok
10:58:47.0890 3584 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120106.002\IDSxpx86.sys
10:58:47.0937 3584 IDSxpx86 - ok
10:58:48.0187 3584 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:58:48.0359 3584 Imapi - ok
10:58:48.0390 3584 ini910u - ok
10:58:48.0921 3584 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:58:50.0734 3584 IntcAzAudAddService - ok
10:58:51.0031 3584 IntelIde - ok
10:58:51.0500 3584 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:58:51.0703 3584 intelppm - ok
10:58:52.0328 3584 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:58:52.0546 3584 Ip6Fw - ok
10:58:53.0015 3584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:58:53.0250 3584 IpFilterDriver - ok
10:58:53.0578 3584 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:58:53.0843 3584 IpInIp - ok
10:58:54.0281 3584 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:58:54.0515 3584 IpNat - ok
10:58:55.0046 3584 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:58:55.0296 3584 IPSec - ok
10:58:55.0812 3584 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:58:56.0046 3584 IRENUM - ok
10:58:56.0500 3584 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:58:56.0718 3584 isapnp - ok
10:58:57.0218 3584 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:58:57.0437 3584 Kbdclass - ok
10:58:57.0828 3584 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:58:58.0000 3584 kmixer - ok
10:58:58.0062 3584 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
10:58:58.0265 3584 KR10N - ok
10:58:58.0562 3584 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:58:58.0750 3584 KSecDD - ok
10:58:58.0968 3584 lbrtfdc - ok
10:58:59.0078 3584 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
10:58:59.0125 3584 meiudf ( UnsignedFile.Multi.Generic ) - warning
10:58:59.0125 3584 meiudf - detected UnsignedFile.Multi.Generic (1)
10:58:59.0187 3584 MEMSWEEP2 - ok
10:58:59.0281 3584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:58:59.0484 3584 mnmdd - ok
10:58:59.0953 3584 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:59:00.0156 3584 Modem - ok
10:59:00.0671 3584 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:59:00.0875 3584 Mouclass - ok
10:59:01.0031 3584 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:59:01.0234 3584 mouhid - ok
10:59:01.0421 3584 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:59:01.0593 3584 MountMgr - ok
10:59:01.0625 3584 mraid35x - ok
10:59:01.0859 3584 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:59:02.0125 3584 MRxDAV - ok
10:59:02.0453 3584 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:59:02.0750 3584 MRxSmb - ok
10:59:03.0046 3584 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:59:03.0187 3584 Msfs - ok
10:59:03.0234 3584 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:59:03.0406 3584 MSKSSRV - ok
10:59:03.0453 3584 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:59:03.0609 3584 MSPCLOCK - ok
10:59:03.0640 3584 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:59:03.0859 3584 MSPQM - ok
10:59:04.0140 3584 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:59:04.0265 3584 mssmbios - ok
10:59:04.0375 3584 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:59:04.0437 3584 Mup - ok
10:59:04.0734 3584 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120109.002\NAVENG.SYS
10:59:04.0750 3584 NAVENG - ok
10:59:04.0921 3584 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120109.002\NAVEX15.SYS
10:59:05.0046 3584 NAVEX15 - ok
10:59:05.0328 3584 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:59:05.0500 3584 NDIS - ok
10:59:05.0562 3584 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:59:05.0609 3584 NdisTapi - ok
10:59:05.0671 3584 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:59:05.0843 3584 Ndisuio - ok
10:59:06.0046 3584 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:59:06.0218 3584 NdisWan - ok
10:59:06.0281 3584 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:59:06.0359 3584 NDProxy - ok
10:59:06.0406 3584 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:59:06.0578 3584 NetBIOS - ok
10:59:06.0843 3584 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\NetBT.sys
10:59:07.0031 3584 NetBT - ok
10:59:07.0093 3584 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
10:59:07.0125 3584 Netdevio ( UnsignedFile.Multi.Generic ) - warning
10:59:07.0125 3584 Netdevio - detected UnsignedFile.Multi.Generic (1)
10:59:07.0187 3584 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:59:07.0343 3584 NIC1394 - ok
10:59:07.0468 3584 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:59:07.0625 3584 Npfs - ok
10:59:07.0828 3584 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:59:08.0031 3584 Ntfs - ok
10:59:08.0109 3584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:59:08.0281 3584 Null - ok
10:59:08.0390 3584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:59:08.0578 3584 NwlnkFlt - ok
10:59:08.0687 3584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:59:08.0906 3584 NwlnkFwd - ok
10:59:08.0984 3584 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:59:09.0156 3584 ohci1394 - ok
10:59:09.0250 3584 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
10:59:09.0328 3584 PalmUSBD - ok
10:59:09.0562 3584 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:59:09.0734 3584 Parport - ok
10:59:09.0796 3584 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:59:09.0937 3584 PartMgr - ok
10:59:09.0984 3584 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:59:10.0187 3584 ParVdm - ok
10:59:10.0453 3584 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
10:59:10.0468 3584 pavboot - ok
10:59:10.0546 3584 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:59:10.0703 3584 PCI - ok
10:59:10.0734 3584 PCIDump - ok
10:59:10.0765 3584 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:59:10.0968 3584 PCIIde - ok
10:59:11.0109 3584 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:59:11.0234 3584 Pcmcia - ok
10:59:11.0437 3584 Pcouffin - ok
10:59:11.0453 3584 PDCOMP - ok
10:59:11.0468 3584 PDFRAME - ok
10:59:11.0500 3584 PDRELI - ok
10:59:11.0515 3584 PDRFRAME - ok
10:59:11.0531 3584 perc2 - ok
10:59:11.0546 3584 perc2hib - ok
10:59:11.0609 3584 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
10:59:11.0640 3584 pfc ( UnsignedFile.Multi.Generic ) - warning
10:59:11.0640 3584 pfc - detected UnsignedFile.Multi.Generic (1)
10:59:11.0734 3584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:59:11.0906 3584 PptpMiniport - ok
10:59:11.0953 3584 PROCEXP151 - ok
10:59:11.0984 3584 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:59:12.0140 3584 PSched - ok
10:59:12.0359 3584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:59:12.0546 3584 Ptilink - ok
10:59:12.0625 3584 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:59:12.0640 3584 PxHelp20 - ok
10:59:12.0656 3584 ql1080 - ok
10:59:12.0687 3584 Ql10wnt - ok
10:59:12.0703 3584 ql12160 - ok
10:59:12.0718 3584 ql1240 - ok
10:59:12.0750 3584 ql1280 - ok
10:59:12.0781 3584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:59:13.0000 3584 RasAcd - ok
10:59:13.0062 3584 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:59:13.0187 3584 Rasl2tp - ok
10:59:13.0218 3584 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:13.0390 3584 RasPppoe - ok
10:59:13.0671 3584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:13.0890 3584 Raspti - ok
10:59:13.0953 3584 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:14.0109 3584 Rdbss - ok
10:59:14.0156 3584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:14.0359 3584 RDPCDD - ok
10:59:14.0421 3584 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:59:14.0515 3584 RDPWD - ok
10:59:14.0718 3584 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:14.0984 3584 redbook - ok
10:59:15.0078 3584 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
10:59:15.0187 3584 RTL8023xp - ok
10:59:15.0406 3584 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:59:15.0546 3584 rtl8139 - ok
10:59:15.0656 3584 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:15.0843 3584 Secdrv - ok
10:59:15.0953 3584 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:59:16.0125 3584 Serial - ok
10:59:16.0265 3584 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:16.0421 3584 Sfloppy - ok
10:59:16.0453 3584 Simbad - ok
10:59:16.0484 3584 Sparrow - ok
10:59:16.0562 3584 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:59:16.0718 3584 splitter - ok
10:59:16.0843 3584 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
10:59:16.0921 3584 sptd - ok
10:59:17.0109 3584 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:59:17.0281 3584 sr - ok
10:59:17.0421 3584 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS
10:59:17.0484 3584 SRTSP - ok
10:59:17.0562 3584 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
10:59:17.0578 3584 SRTSPX - ok
10:59:17.0859 3584 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:59:17.0953 3584 Srv - ok
10:59:17.0984 3584 StarOpen - ok
10:59:18.0078 3584 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:59:18.0265 3584 swenum - ok
10:59:18.0312 3584 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:59:18.0484 3584 swmidi - ok
10:59:18.0531 3584 symc810 - ok
10:59:18.0546 3584 symc8xx - ok
10:59:18.0750 3584 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
10:59:18.0984 3584 SymDS - ok
10:59:19.0500 3584 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
10:59:19.0546 3584 SymEFA - ok
10:59:19.0750 3584 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:59:19.0781 3584 SymEvent - ok
10:59:19.0968 3584 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
10:59:20.0031 3584 SymIRON - ok
10:59:20.0078 3584 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
10:59:20.0109 3584 SYMTDI - ok
10:59:20.0281 3584 sym_hi - ok
10:59:20.0312 3584 sym_u3 - ok
10:59:20.0375 3584 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:59:20.0546 3584 SynTP - ok
10:59:20.0656 3584 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:59:20.0812 3584 sysaudio - ok
10:59:21.0015 3584 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
10:59:21.0093 3584 tbiosdrv - ok
10:59:21.0171 3584 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:59:21.0281 3584 Tcpip - ok
10:59:21.0328 3584 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:59:21.0500 3584 TDPIPE - ok
10:59:21.0718 3584 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:59:21.0906 3584 TDTCP - ok
10:59:21.0953 3584 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:59:22.0140 3584 TermDD - ok
10:59:22.0187 3584 TosIde - ok
10:59:22.0234 3584 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
10:59:22.0250 3584 TVALD ( UnsignedFile.Multi.Generic ) - warning
10:59:22.0250 3584 TVALD - detected UnsignedFile.Multi.Generic (1)
10:59:22.0296 3584 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys
10:59:22.0328 3584 Tvs ( UnsignedFile.Multi.Generic ) - warning
10:59:22.0328 3584 Tvs - detected UnsignedFile.Multi.Generic (1)
10:59:22.0406 3584 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:59:22.0531 3584 Udfs - ok
10:59:22.0734 3584 ultra - ok
10:59:22.0843 3584 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:59:23.0093 3584 Update - ok
10:59:23.0125 3584 usbbus - ok
10:59:23.0375 3584 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:59:23.0531 3584 usbccgp - ok
10:59:23.0781 3584 UsbDiag - ok
10:59:24.0250 3584 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:59:24.0421 3584 usbehci - ok
10:59:24.0546 3584 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:59:24.0718 3584 usbhub - ok
10:59:24.0921 3584 USBModem - ok
10:59:24.0968 3584 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:59:25.0125 3584 usbohci - ok
10:59:25.0171 3584 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:59:25.0312 3584 usbprint - ok
10:59:25.0421 3584 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:59:25.0578 3584 usbscan - ok
10:59:25.0640 3584 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:25.0796 3584 USBSTOR - ok
10:59:25.0921 3584 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:59:26.0078 3584 VgaSave - ok
10:59:26.0093 3584 ViaIde - ok
10:59:26.0125 3584 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:59:26.0281 3584 VolSnap - ok
10:59:26.0375 3584 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:59:26.0531 3584 Wanarp - ok
10:59:26.0609 3584 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
10:59:26.0671 3584 wanatw - ok
10:59:26.0890 3584 WDICA - ok
10:59:27.0125 3584 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:59:27.0265 3584 wdmaud - ok
10:59:27.0500 3584 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:59:27.0718 3584 WS2IFSL - ok
10:59:27.0859 3584 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:59:27.0937 3584 WudfPf - ok
10:59:27.0968 3584 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
10:59:28.0234 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:59:28.0234 3584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:59:28.0234 3584 Boot (0x1200) (f4974ca8055ba8a1f543aae154dad46c) \Device\Harddisk0\DR0\Partition0
10:59:28.0250 3584 \Device\Harddisk0\DR0\Partition0 - ok
10:59:28.0250 3584 ============================================================
10:59:28.0250 3584 Scan finished
10:59:28.0250 3584 ============================================================
10:59:28.0406 1564 Detected object count: 18
10:59:28.0406 1564 Actual detected object count: 18
11:12:59.0296 1564 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0375 1564 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0375 1564 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0375 1564 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0390 1564 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0390 1564 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0390 1564 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0390 1564 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0390 1564 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0390 1564 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0406 1564 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0406 1564 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0406 1564 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0406 1564 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0406 1564 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0406 1564 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0421 1564 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0421 1564 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0421 1564 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0421 1564 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0421 1564 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0421 1564 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0421 1564 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0421 1564 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0437 1564 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0437 1564 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0437 1564 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0437 1564 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0437 1564 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0437 1564 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0453 1564 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0453 1564 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0453 1564 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:59.0453 1564 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:59.0468 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:12:59.0484 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:17:00.0562 2472 Deinitialize success

OTL

OTL logfile created on: 1/9/2012 11:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ray\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.17 Mb Total Physical Memory | 46.81 Mb Available Physical Memory | 10.49% Memory free
1.03 Gb Paging File | 0.31 Gb Available in Paging File | 30.53% Paging File free
Paging file location(s): C:\pagefile.sys 669 669 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.29 Gb Total Space | 18.73 Gb Free Space | 25.22% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 10:56:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
PRC - [2011/12/30 00:40:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 08:03:36 | 000,045,056 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2011/11/09 08:03:30 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/11/09 08:03:10 | 000,114,688 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2011/11/09 08:03:03 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2011/11/09 08:02:35 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/08/20 08:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/06/16 13:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/25 13:07:16 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/08/10 10:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/01 04:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 10:52:42 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/25 15:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 00:40:46 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/21 02:19:09 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 08:03:36 | 000,045,056 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2011/11/09 08:02:35 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2010/08/20 08:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 08:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2010/06/16 13:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2005/11/23 14:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/11/09 13:22:22 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2002/07/04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/09 08:03:48 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/11/09 08:03:36 | 000,045,056 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2011/11/09 08:03:30 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/11/09 08:03:10 | 000,114,688 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2011/11/09 08:03:03 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/09 08:02:35 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/10/02 15:44:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2005/08/10 10:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/25 11:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)


========== Driver Services (SafeList) ==========

DRV - [2012/01/03 20:21:51 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120109.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/03 20:21:51 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120109.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/05 03:45:08 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/05 03:45:08 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/13 19:45:57 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/11 16:47:24 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120106.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/04/13 12:42:10 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2011/04/13 12:39:45 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/02 15:56:26 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/13 07:50:26 | 000,386,784 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/11/15 16:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 09:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 16:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 18:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 15:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/03 22:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 04:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 04:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 04:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 04:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 04:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 04:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 04:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/07 08:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 08:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 00:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 14:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-651098575-289067284-1953961353-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Radio TV 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Radio TV 1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.6000
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ray\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/11/15 04:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/09 07:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/20 04:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 00:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 19:39:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Ray\Application Data\IDM\idmmzcc5

[2011/03/17 13:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2011/03/17 13:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/01/08 05:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\extensions
[2011/02/06 15:44:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/08 05:10:39 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2011/11/27 07:45:17 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2011/03/25 21:18:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\extensions\engine@conduit.com
[2010/12/30 17:21:42 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\searchplugins\conduit.xml
[2009/11/26 13:46:00 | 000,002,168 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\searchplugins\inbox-search.xml
[2009/09/25 12:36:04 | 000,009,952 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\searchplugins\mywebsearch.xml
[2011/07/19 09:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\searchplugins\s-amazon.xml
[2011/11/08 18:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\699UMW53.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\699UMW53.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\699UMW53.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\699UMW53.DEFAULT\EXTENSIONS\MYHOMEPAGE_MANISHJAIN9@GMAIL.COM.XPI
[2011/11/20 04:25:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/12/30 00:40:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 11:30:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:57:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/06 15:42:18 | 000,439,213 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll File not found
O2 - BHO: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa0.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..\Toolbar\WebBrowser: (Road Runner Toolbar) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - C:\Program Files\Road_Runner\prxtbRoa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-651098575-289067284-1953961353-1006..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-651098575-289067284-1953961353-1006..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-651098575-289067284-1953961353-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..Trusted Domains: r2games.com ([cs] https in Trusted sites)
O15 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..Trusted Domains: r2games.com ([platform] https in Trusted sites)
O15 - HKU\S-1-5-21-651098575-289067284-1953961353-1006\..Trusted Domains: rr.com ([www] http in Trusted sites)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD7B931-4F1C-454E-8866-DA4DDB7AB55E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD7B931-4F1C-454E-8866-DA4DDB7AB55E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3155360-C534-4C96-8752-09C54973E8AA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3155360-C534-4C96-8752-09C54973E8AA}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 05:56:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/09 05:54:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/01/07 12:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Malwarebytes
[2012/01/07 12:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/06 00:47:58 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/01/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/01/05 03:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/04 12:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/22 18:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/12/22 02:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Nikon
[2011/12/22 02:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\Nikon
[2011/12/22 02:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nikon Message Center 2
[2011/12/22 02:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ViewNX 2
[2011/12/22 02:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2011/12/22 02:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2011/12/22 02:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/12/22 02:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/12/22 01:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon
[2005/11/04 18:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2005/07/25 11:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2005/07/25 11:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2005/07/25 11:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2005/07/25 11:25:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfih.exe
[2005/07/25 11:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2005/07/25 11:25:18 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe
[2005/07/25 11:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2005/07/25 11:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2005/07/25 11:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/09 07:08:08 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/09 07:02:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 07:02:42 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 16:15:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 11:23:13 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Ray\defogger_reenable
[2012/01/08 10:52:40 | 000,031,720 | ---- | M] () -- C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}
[2012/01/07 11:43:14 | 005,981,248 | ---- | M] () -- C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}
[2012/01/07 06:55:52 | 000,000,928 | ---- | M] () -- C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}
[2012/01/07 01:12:44 | 000,002,016 | ---- | M] () -- C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}
[2012/01/06 15:42:18 | 000,439,213 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/05 22:49:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120106-154218.backup
[2012/01/05 02:55:50 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 00:32:20 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ray\PUTTY.RND
[2011/12/31 04:51:21 | 000,031,544 | ---- | M] () -- C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}
[2011/12/30 14:34:56 | 000,009,160 | ---- | M] () -- C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}
[2011/12/30 10:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/25 20:46:40 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/12/25 20:42:08 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/12/25 07:14:10 | 000,031,840 | ---- | M] () -- C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}
[2011/12/24 00:06:50 | 000,000,440 | ---- | M] () -- C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}
[2011/12/22 12:02:49 | 000,000,592 | ---- | M] () -- C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}
[2011/12/22 02:44:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI
[2011/12/22 02:12:27 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Pedal Hard
[2011/12/22 02:12:27 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Ray\Application Data\Overdrive
[2011/12/22 02:12:27 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/12/22 02:12:27 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/12/22 02:05:10 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2011/12/22 02:02:52 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\People
[2011/12/22 02:02:52 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Ray\Application Data\PDEs
[2011/12/22 02:02:49 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Ray\Application Data\Organs
[2011/12/22 02:02:49 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2011/12/21 15:46:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/17 18:44:30 | 000,000,440 | ---- | M] () -- C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}
[2011/12/17 13:45:59 | 000,000,280 | ---- | M] () -- C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}
[2011/12/17 13:45:58 | 000,001,704 | ---- | M] () -- C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}
[2011/12/15 05:31:10 | 000,002,328 | ---- | M] () -- C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}
[2011/12/13 16:19:48 | 000,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 15:02:06 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 11:22:45 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Ray\defogger_reenable
[2012/01/08 10:52:40 | 000,031,720 | ---- | C] () -- C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}
[2012/01/07 11:43:12 | 005,981,248 | ---- | C] () -- C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}
[2012/01/07 06:55:52 | 000,000,928 | ---- | C] () -- C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}
[2012/01/07 01:12:44 | 000,002,016 | ---- | C] () -- C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}
[2012/01/05 00:16:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ray\PUTTY.RND
[2011/12/31 04:51:19 | 000,031,544 | ---- | C] () -- C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}
[2011/12/30 14:34:56 | 000,009,160 | ---- | C] () -- C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}
[2011/12/25 07:14:09 | 000,031,840 | ---- | C] () -- C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}
[2011/12/24 00:06:50 | 000,000,440 | ---- | C] () -- C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}
[2011/12/22 12:02:48 | 000,000,592 | ---- | C] () -- C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}
[2011/12/22 02:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/12/22 02:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pedal Hard
[2011/12/22 02:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ray\Application Data\Overdrive
[2011/12/22 02:12:27 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/12/22 02:12:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/12/22 02:05:09 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2011/12/22 02:02:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\People
[2011/12/22 02:02:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ray\Application Data\PDEs
[2011/12/22 02:02:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/12/22 02:02:49 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ray\Application Data\Organs
[2011/12/22 02:02:49 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2011/12/22 02:02:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/12/17 18:44:30 | 000,000,440 | ---- | C] () -- C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}
[2011/12/17 13:45:59 | 000,000,280 | ---- | C] () -- C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}
[2011/12/17 13:45:57 | 000,001,704 | ---- | C] () -- C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}
[2011/12/15 05:31:09 | 000,002,328 | ---- | C] () -- C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}
[2011/11/12 06:03:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/12 06:03:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/12 06:03:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/12 06:03:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/12 06:03:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/11 21:21:38 | 000,004,202 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\SMRResults210.dat
[2011/11/09 09:27:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/31 06:36:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/05/18 13:08:25 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 13:01:47 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/26 22:29:58 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\hdl_dump.conf
[2011/04/16 09:39:34 | 000,155,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2011/04/08 21:06:20 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/07 19:16:14 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2011/02/18 12:28:20 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/12 12:08:07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/03 14:57:07 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/18 01:16:00 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/21 15:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/30 20:05:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\fusioncache.dat
[2008/06/30 20:05:26 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2008/06/30 20:05:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/06/30 20:05:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/06/30 20:05:05 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2008/06/30 20:05:05 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2008/06/30 19:28:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/11/30 15:16:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 15:16:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 15:16:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 15:16:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 14:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 14:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 14:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 14:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 14:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 14:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 14:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 09:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 08:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 20:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/04 20:07:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 19:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 19:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 18:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 18:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 18:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 18:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 16:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 16:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 16:53:10 | 000,504,636 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 16:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 16:53:10 | 000,087,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 16:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 16:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 16:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 16:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 16:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 16:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 16:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 16:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 10:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 10:22:17 | 000,185,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/24 15:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/07 01:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2005/06/10 15:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Ray\My Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

OTL Extra

OTL Extras logfile created on: 1/9/2012 11:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ray\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.17 Mb Total Physical Memory | 46.81 Mb Available Physical Memory | 10.49% Memory free
1.03 Gb Paging File | 0.31 Gb Available in Paging File | 30.53% Paging File free
Paging file location(s): C:\pagefile.sys 669 669 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.29 Gb Total Space | 18.73 Gb Free Space | 25.22% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B061AE9B-35BC-4D89-A93D-C8972ABAF4F9}" = HostileSpaceRevived
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0B573-BDC0-4F5B-9202-A8D9B7781664}" = GEAR driver installer for x86 and x64
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"1489-3350-5074-6281" = JDownloader 0.9
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CD/DVD-ROM Generator" = CD/DVD-ROM Generator 2.00
"conduitEngine" = Conduit Engine
"DivX Setup" = DivX Setup
"FLV Player2.0.25" = FLV Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"Lexmark 730 Series" = Lexmark 730 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"Road_Runner Toolbar" = Road Runner Toolbar
"Shareaza_is1" = Shareaza 2.5.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.1.2218
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UltraFXP" = UltraFXP (remove only)
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-651098575-289067284-1953961353-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2012 5:55:28 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 9.0.1.4371, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x00048b76.

Error - 1/5/2012 5:55:28 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 9.0.1.4371, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x00048b76.

Error - 1/5/2012 6:09:11 PM | Computer Name = TOSHIBA-USER | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 1/6/2012 9:45:14 AM | Computer Name = TOSHIBA-USER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800700E7 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2012 9:45:15 AM | Computer Name = TOSHIBA-USER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 1/7/2012 2:57:44 AM | Computer Name = TOSHIBA-USER | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Error - 1/7/2012 9:36:37 AM | Computer Name = TOSHIBA-USER | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Error - 1/7/2012 3:55:54 PM | Computer Name = TOSHIBA-USER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\evregistrar.cpp(404),
hr = 800706ba: Failed to remove transient subscription due to EventSystem erro

Error - 1/7/2012 3:55:58 PM | Computer Name = TOSHIBA-USER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\evregistrar.cpp(503),
hr = 800706ba: Failed to delete subscription

Error - 1/8/2012 8:49:23 AM | Computer Name = TOSHIBA-USER | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ OSession Events ]
Error - 5/23/2010 5:46:05 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21208
seconds with 4920 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/9/2012 11:00:40 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 1/9/2012 11:00:40 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 1/9/2012 11:00:40 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 1/9/2012 11:01:11 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 1/9/2012 11:01:11 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 1/9/2012 11:01:11 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 1/9/2012 11:05:40 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.

Error - 1/9/2012 11:07:13 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SSDP Discovery Service
service to connect.

Error - 1/9/2012 11:07:15 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The SSDP Discovery Service service failed to start due to the following
error: %%1053

Error - 1/9/2012 2:01:26 PM | Computer Name = TOSHIBA-USER | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.


< End of report >

Edited by Tallgeese3, 09 January 2012 - 03:18 PM.


#4 SweetTech (Agent ST)

Posted 10 January 2012 - 08:51 AM

Hi!

Thanks for letting me know that.

I see you ran ComboFix. I'd like to see the log file from it.

Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Tallgeese3 (Topic Starter)

Posted 10 January 2012 - 11:07 AM

ComboFix Scan -

ComboFix 12-01-05.04 - Ray 01/09/2012 6:05.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.154 [GMT -8:00]
Running from: c:\documents and settings\Ray\My Documents\Downloads\ComboFix.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-09 13:54 . 2012-01-09 13:56 -------- d-----w- C:\32788R22FWJFW
2012-01-07 20:07 . 2012-01-07 20:07 -------- d-----w- c:\documents and settings\Ray\Application Data\Malwarebytes
2012-01-07 20:06 . 2012-01-07 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-06 08:47 . 2009-06-30 18:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-06 08:45 . 2012-01-06 08:45 -------- d-----w- c:\program files\Panda Security
2011-12-30 08:41 . 2011-12-30 08:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 08:40 . 2011-12-30 08:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 08:40 . 2011-12-30 08:40 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 08:40 . 2011-12-30 08:40 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-23 02:30 . 2011-12-23 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-12-22 10:32 . 2011-12-22 10:32 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\Nikon
2011-12-22 10:28 . 2011-12-22 10:33 -------- d-----w- c:\documents and settings\Ray\Application Data\Nikon
2011-12-22 10:18 . 2011-12-22 10:18 57344 ----a-r- c:\documents and settings\Ray\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-12-22 10:04 . 2011-12-22 10:17 -------- d-----w- c:\program files\Common Files\Nikon
2011-12-22 10:04 . 2011-12-22 10:19 -------- d-----w- c:\program files\Nikon
2011-12-22 10:02 . 2011-12-22 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2011-12-22 10:02 . 2011-12-22 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2005-11-05 00:53 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:19 . 2011-05-20 06:46 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 03:45 . 2011-11-14 03:45 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-11-14 03:45 . 2011-11-14 03:45 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-12 03:13 . 2008-05-27 05:18 186880 -c----w- c:\windows\system32\searchprotocolhost.exe
2011-11-09 16:03 . 2005-11-05 03:20 114688 ----a-w- c:\windows\system32\DVDRAMSV.exe
2011-11-09 16:02 . 2008-07-01 04:05 36864 ----a-w- c:\windows\system32\acs.exe
2011-11-09 16:02 . 2005-08-04 06:02 380928 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-04 19:20 . 2005-11-05 00:53 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-11-05 00:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-11-05 00:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-11-05 00:52 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-11-05 00:53 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-11-05 00:52 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2005-11-05 00:53 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 23:26 . 2011-10-20 23:26 94208 -c--a-w- c:\windows\system32\dpl100.dll
2011-10-18 11:13 . 2005-11-05 00:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-12-30 08:40 . 2011-03-24 01:05 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 05:47 . 2008-08-12 07:12 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-06_06.50.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-09 12:50 . 2012-01-09 12:50 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2012-01-09 12:52 . 2012-01-09 12:52 16384 c:\windows\Temp\Perflib_Perfdata_1a0.dat
+ 2009-08-04 22:06 . 2009-08-04 22:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files\Road_Runner\prxtbRoa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-27 18:28 3908192 -c--a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
2011-05-09 09:49 176936 -c--a-w- c:\program files\Road_Runner\prxtbRoa0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files\Yontoo Layers Runtime\YontooIEClient.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-27 3908192]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files\Road_Runner\prxtbRoa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4878B45-E2C0-4307-B6E8-734922F92F5B}"= "c:\program files\Road_Runner\prxtbRoa0.dll" [2011-05-09 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-27 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"TFncKy"="TFncKy.exe" [BU]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/6/2012 12:47 AM 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [11/13/2011 7:44 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [11/13/2011 7:44 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [11/13/2011 7:43 PM 136312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/17/2011 1:37 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120106.002\IDSXpx86.sys [1/6/2012 9:04 PM 356280]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [4/16/2011 9:39 AM 386784]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\41.tmp --> c:\windows\system32\41.tmp [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/17/2009 9:41 PM 721904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49028141
*Deregistered* - 49028141
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: r2games.com\cs
Trusted Zone: r2games.com\platform
Trusted Zone: rr.com\www
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3FD7B931-4F1C-454E-8866-DA4DDB7AB55E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E3155360-C534-4C96-8752-09C54973E8AA}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\699umw53.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio TV 1 Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856416&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 97f7ecf8-8d4a-4308-980d-5195ce0472ca
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 06:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\41.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0ae45833-e763-4b6d-b070-b1c4bae96637}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ff
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,93,46,af,5e,ad,be,4a,77,5a,da,47,32,dd,69,61,73,2d,23,33,c1,
89,c3,50,94,26,26,fb,48,89,22,4e,bd,45,2e,60,00,34,5e,33,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-09 06:54:29
ComboFix-quarantined-files.txt 2012-01-09 14:54
ComboFix2.txt 2012-01-06 07:03
ComboFix3.txt 2011-11-15 09:16
ComboFix4.txt 2011-11-12 14:43
ComboFix5.txt 2012-01-09 13:57
.
Pre-Run: 19,604,639,744 bytes free
Post-Run: 20,070,711,296 bytes free
.
- - End Of File - - BFA5A9D016AF53AFC3B5529F72738E69

#6 SweetTech (Agent ST)

Posted 11 January 2012 - 02:14 AM

Hi!

Did you set these proxies in Firefox?

FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118

Back-Up Registry
First, we need to back up your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer shows the hourglass.


NEXT:



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • J2SE Runtime Environment 5.0 Update 4
  • Viewpoint Media Player <== If you don't use it, then I suggest removing it.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"=-
    :Files
    dir /s /a "C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}" /c
    dir /s /a "C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}" /c
    dir /s /a "C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}" /c
    dir /s /a "C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}" /c
    dir /s /a "C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}" /c
    dir /s /a "C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}" /c
    dir /s /a "C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}" /c
    dir /s /a "C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}" /c
    dir /s /a "C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\Plug-Ins" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\People" /c
    dir /s /a "C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\Pedal Hard" /c
    dir /s /a "C:\Documents and Settings\Ray\Application Data\Overdrive" /c
    dir /s /a "C:\Documents and Settings\Ray\Application Data\PDEs" /c
    dir /s /a "C:\Documents and Settings\Ray\Application Data\Organs" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\Plants" /c
    dir /s /a "C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}" /c
    dir /s /a "C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}" /c
    dir /s /a "C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


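The four settings SweetTech asks about in this post (the Firefox proxy prefs) sit next to several others in the ComboFix report that a helper reads for the same reason: the Windows Firewall value, the Security Center "DisableMonitoring" keys, and the AV/FW lines marked Disabled. The script below is an added example for this thread, not a tool from the thread and not part of ComboFix or OTL; it parses those line shapes as ComboFix prints them and lists what a helper would want to ask about. The sample report is constructed from lines quoted earlier in the thread, and the Finding class and category names are this example's own.

```python
"""Triage helper for ComboFix-style reports.

Added example for this thread; it is not part of ComboFix, OTL or any tool
used in the thread. It flags the settings a malware-removal helper checks
first: Firefox proxy prefs aimed at a local listener, the Windows Firewall
switched off, Security Center monitoring disabled, and AV/FW products the
report marks *Disabled*. The Finding class and the category names are this
example's own, not anything the tools emit.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str   # "proxy", "firewall", "security-center" or "protection"
    detail: str


# Line shapes as ComboFix prints them (taken from the report quoted above).
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<name>network\.proxy\.\S+) - (?P<value>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')
AV_STATE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.*?)\s*\*(?P<state>[^*]+)\*")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def triage(report: str) -> list[Finding]:
    """Return the settings in a ComboFix report that deserve a question."""
    findings: list[Finding] = []
    current_key = ""            # the [registry key] the following values belong to
    prefs: dict[str, str] = {}  # network.proxy.* values collected from FF lines

    for raw in report.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            current_key = m.group("key")
        elif m := FF_PREF.match(line):
            prefs[m.group("name")] = m.group("value").strip()
        elif FIREWALL_OFF.match(line) and "firewallpolicy" in current_key.lower():
            findings.append(Finding("firewall", f"EnableFirewall=0 under {current_key}"))
        elif DISABLE_MON.match(line) and "security center" in current_key.lower():
            findings.append(Finding("security-center", f"DisableMonitoring=1 under {current_key}"))
        elif (m := AV_STATE.match(line)) and "Disabled" in m.group("state"):
            product = m.group("product") or "(unnamed product)"
            findings.append(Finding("protection", f"{m.group('kind')} {product}: {m.group('state')}"))

    # Proxy prefs: a host on loopback is worth a question even when
    # network.proxy.type is 0, because 0 means "no proxy" in Firefox and the
    # stored host/port are then not in use.
    proxy_type = prefs.get("network.proxy.type")
    for scheme in ("http", "ssl"):
        host = prefs.get(f"network.proxy.{scheme}", "")
        port = prefs.get(f"network.proxy.{scheme}_port", "?")
        if host.lower() in LOOPBACK:
            state = "inactive (network.proxy.type is 0)" if proxy_type == "0" else "active or unknown"
            findings.append(Finding("proxy", f"Firefox {scheme} proxy {host}:{port}, {state}"))
    return findings


# Constructed sample: lines quoted from the ComboFix report posted above.
SAMPLE_REPORT = r"""
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.detail}")
```

On the report in this thread the proxy entries come out as inactive, because network.proxy.type is 0 (no proxy), so Firefox is not sending traffic through localhost:8118 even though the host and port are stored; 8118 is also the default listening port of the Privoxy filtering proxy, which is one benign way such entries end up in prefs.js. The firewall, Security Center and AV lines are the ones that are actually in effect and are the first things to restore once the cleanup is done.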

#7 Tallgeese3 (Topic Starter)

Posted 12 January 2012 - 04:44 AM

Thanks for all the help so far. I remember when I was on page 3, now I'm on page 12! So many requests for help, I don't know how y'all manage >.>


Yes, I'm sure I set those Firefox proxies, but I can't really recall for what. Most likely for a game or program, though.


Did the backup registry step.

Got rid of the two programs.


OTL fix -

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe not found.
========== FILES ==========
< dir /s /a "C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
01/08/2012 10:52 AM 31,720 {FE3270DE-B088-4163-B53D-419E2CD082BE}
1 File(s) 31,720 bytes
Total Files Listed:
1 File(s) 31,720 bytes
0 Dir(s) 10,163,441,664 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
01/07/2012 11:43 AM 5,981,248 {BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}
1 File(s) 5,981,248 bytes
Total Files Listed:
1 File(s) 5,981,248 bytes
0 Dir(s) 10,163,392,512 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
01/07/2012 06:55 AM 928 {AF41EB97-17A0-463B-ABCE-2478E4BBEADF}
1 File(s) 928 bytes
Total Files Listed:
1 File(s) 928 bytes
0 Dir(s) 10,163,363,840 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
01/07/2012 01:12 AM 2,016 {6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}
1 File(s) 2,016 bytes
Total Files Listed:
1 File(s) 2,016 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/31/2011 04:51 AM 31,544 {8731DC03-3996-4EF6-BCCC-1DB6018EFE84}
1 File(s) 31,544 bytes
Total Files Listed:
1 File(s) 31,544 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/30/2011 02:34 PM 9,160 {6FE57F48-A873-43FB-A28E-B5E57FE82AC6}
1 File(s) 9,160 bytes
Total Files Listed:
1 File(s) 9,160 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/25/2011 07:14 AM 31,840 {44A254BA-79A6-4D74-B2D9-68D0D8146CD9}
1 File(s) 31,840 bytes
Total Files Listed:
1 File(s) 31,840 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/24/2011 12:06 AM 440 {AD02447D-D76B-4678-95B1-A83028D53A5E}
1 File(s) 440 bytes
Total Files Listed:
1 File(s) 440 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/22/2011 12:02 PM 592 {22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}
1 File(s) 592 bytes
Total Files Listed:
1 File(s) 592 bytes
0 Dir(s) 10,163,331,072 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\Plug-Ins" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\All Users\Application Data
12/22/2011 02:12 AM 12 Plug-Ins
1 File(s) 12 bytes
Total Files Listed:
1 File(s) 12 bytes
0 Dir(s) 10,163,335,168 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\People" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\All Users\Application Data
12/22/2011 02:02 AM 268 People
1 File(s) 268 bytes
Total Files Listed:
1 File(s) 268 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/17/2011 06:44 PM 440 {CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}
1 File(s) 440 bytes
Total Files Listed:
1 File(s) 440 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\Pedal Hard" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\All Users\Application Data
12/22/2011 02:12 AM 268 Pedal Hard
1 File(s) 268 bytes
Total Files Listed:
1 File(s) 268 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\Ray\Application Data\Overdrive" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\Ray\Application Data
12/22/2011 02:12 AM 268 Overdrive
1 File(s) 268 bytes
Total Files Listed:
1 File(s) 268 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\Ray\Application Data\PDEs" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\Ray\Application Data
12/22/2011 02:02 AM 268 PDEs
1 File(s) 268 bytes
Total Files Listed:
1 File(s) 268 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\Ray\Application Data\Organs" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\Ray\Application Data
12/22/2011 02:02 AM 268 Organs
1 File(s) 268 bytes
Total Files Listed:
1 File(s) 268 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\Plants" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\Documents and Settings\All Users\Application Data
12/22/2011 02:02 AM 12 Plants
1 File(s) 12 bytes
Total Files Listed:
1 File(s) 12 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/17/2011 01:45 PM 280 {ADA533DC-3779-4432-B517-4FCCBD5A36FC}
1 File(s) 280 bytes
Total Files Listed:
1 File(s) 280 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/17/2011 01:45 PM 1,704 {08E76D4B-8209-4CEA-B97B-F96238DFCB1E}
1 File(s) 1,704 bytes
Total Files Listed:
1 File(s) 1,704 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}" /c >
Volume in drive C is SQ003982P01
Volume Serial Number is 141E-885D
Directory of C:\
12/15/2011 05:31 AM 2,328 {9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}
1 File(s) 2,328 bytes
Total Files Listed:
1 File(s) 2,328 bytes
0 Dir(s) 10,163,359,744 bytes free
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ray\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56516 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5505158 bytes
->Flash cache emptied: 10483 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 2825 bytes
->Flash cache emptied: 11978 bytes

User: Ray
->Temp folder emptied: 12960235 bytes
->Temporary Internet Files folder emptied: 44696443 bytes
->Java cache emptied: 24463190 bytes
->FireFox cache emptied: 28208480 bytes
->Flash cache emptied: 1222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3842494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31492074 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 57988 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Ray
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: Ray
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01122012_144851

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...




Malwarebytes scan-

www.malwarebytes.org

Database version: v2012.01.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ray :: TOSHIBA-USER [administrator]

Protection: Disabled

1/12/2012 12:28:23 AM
mbam-log-2012-01-12 (00-28-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1978
Time elapsed: 23 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Tallgeese3, 12 January 2012 - 07:11 PM.


#8 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 13 January 2012 - 01:13 AM

Hi!

Thanks for all the help so far. I remember when I was on page 3, now I'm page 12! So many requests for help, I don't know how y'all manage >.> .

You're more than welcome! I'm glad to be able to provide assistance to you.


Yes I'm sure I set those FireFox proxies but I can't really recall for what. Most likely for a game or program though.

Okay, that's fine, I just wanted to make sure that you set them yourself. Many times malware will set a malicious proxy.

Did the backup registry step.

Got rid of the two programs.

Okay. :)

I need to have you help me out with something.

I would like for you to browse to each of these folders and see if anything is in any of them.

You can do this by going to Start > My Computer > Clicking on C:\ drive.

Locate the first file named: {FE3270DE-B088-4163-B53D-419E2CD082BE}

Double click on the folder and it should open for you.

If you see anything in there, please let me know.

C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}
C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}
C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}
C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}
C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}
C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}
C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}
C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}
C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}
C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}
C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}
C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}
C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}

Do you recognize these folders below? Can you please browse into them and see if anything is in them?

You'll probably need to enable hidden folders to view the Application Data folder, so we'll enable that now.

Please Set Your System to Show Hidden Files
  • Go to Start -> My Computer (Or click the My Computer icon on your desktop)
  • Go to the Tools Menu -> Folder Options.
  • Select the "View" tab.
  • Under "Hidden files and folders", click the "Show hidden files and folders" radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.

C:\Documents and Settings\All Users\Application Data\Plug-Ins
C:\Documents and Settings\All Users\Application Data\People
C:\Documents and Settings\All Users\Application Data\Pedal Hard
C:\Documents and Settings\Ray\Application Data\Overdrive
C:\Documents and Settings\Ray\Application Data\PDEs
C:\Documents and Settings\Ray\Application Data\Organs
C:\Documents and Settings\All Users\Application Data\Plants


---------

We will also be running an Online Virus Scanner to search for any remnants of files that may need to be removed.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the esetsmartinstaller_enu.exe link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
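The folder check SweetTech asks for above can be scripted. This batch file is an added example, not from the thread or from OTL: it takes the paths from the two lists in the post and reports each as missing, a file with its size, an empty folder, or a folder with a count of entries. The earlier OTL `dir` output reported these names as single files, which is why the script tells a file apart from a folder; the profile name "Ray" is taken from the thread.

```batch
@echo off
rem Added example, not from the thread or from OTL: classify each path SweetTech asked about
rem as missing, a file (with its size), an empty folder, or a folder with N entries.
rem Adjust the list if your profile name differs from "Ray".
setlocal EnableDelayedExpansion
for %%P in (
    "C:\{FE3270DE-B088-4163-B53D-419E2CD082BE}"
    "C:\{BBF9CDC0-A16D-4CC6-BB84-6D89A8C5C8DC}"
    "C:\{AF41EB97-17A0-463B-ABCE-2478E4BBEADF}"
    "C:\{6D0E6346-0187-4A40-AFFF-BC77C08D5EE4}"
    "C:\{8731DC03-3996-4EF6-BCCC-1DB6018EFE84}"
    "C:\{6FE57F48-A873-43FB-A28E-B5E57FE82AC6}"
    "C:\{44A254BA-79A6-4D74-B2D9-68D0D8146CD9}"
    "C:\{AD02447D-D76B-4678-95B1-A83028D53A5E}"
    "C:\{22C3FCBC-64C7-402F-B552-34ACB8BC2BA3}"
    "C:\{ADA533DC-3779-4432-B517-4FCCBD5A36FC}"
    "C:\{08E76D4B-8209-4CEA-B97B-F96238DFCB1E}"
    "C:\{9128D5A4-67B9-4AB2-82C6-FA0B24FC265B}"
    "C:\{CCFE0CB7-38CD-4E1F-9DCA-B875273EF1D2}"
    "C:\Documents and Settings\All Users\Application Data\Plug-Ins"
    "C:\Documents and Settings\All Users\Application Data\People"
    "C:\Documents and Settings\All Users\Application Data\Pedal Hard"
    "C:\Documents and Settings\Ray\Application Data\Overdrive"
    "C:\Documents and Settings\Ray\Application Data\PDEs"
    "C:\Documents and Settings\Ray\Application Data\Organs"
    "C:\Documents and Settings\All Users\Application Data\Plants"
) do (
    if not exist "%%~P" (
        echo MISSING        %%~P
    ) else if exist "%%~P\*" (
        rem A directory: count its entries, hidden and system ones included.
        set COUNT=0
        for /f %%N in ('dir /b /a "%%~P" 2^>nul ^| find /c /v ""') do set COUNT=%%N
        if !COUNT! EQU 0 (
            echo EMPTY FOLDER   %%~P
        ) else (
            echo FOLDER !COUNT! entries   %%~P
        )
    ) else (
        rem A plain file, as the OTL dir output above reported for these names.
        for %%F in ("%%~P") do echo FILE %%~zF bytes   %%~P
    )
)
endlocal
```

Run it from a command prompt on the affected machine and paste the output into the reply; a FILE line for a name the helper expected to be a folder is itself worth reporting.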


#9 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 16 January 2012 - 05:16 AM

Do you still require assistance in getting your computer clean?

Edited by SweetTech, 16 January 2012 - 05:17 AM.



#10 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 25 January 2012 - 09:15 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.






