
Problem after Backdoor. Tidserv Removal


  • This topic is locked
28 replies to this topic

#1 kimballa

  • Members
  • 17 posts

Posted 18 January 2012 - 01:35 AM

Hi,

My OS is Windows XP. About 3 weeks ago I switched the virus protection software to Norton 360 5.1. After installing Norton, it detected Backdoor.Tidserv. I downloaded the removal tool (FixTDSS.exe) from Symantec and followed the instructions, including turning off System Restore. While rebooting the PC, the blue screen of death appeared more than twice with the message: STOP: 0X0000007E (0XC0000005, 0XB334AA85, 0XBA4C74A8). I had to start up in SAFE mode. I also downloaded the Windows Recovery Console, but I did not do anything with it. After several attempts, the PC started with the normal screen. I finally executed the FixTDSS file, but it did not find anything. Since then the PC has been running extremely slowly, and some of the programs don't work, including Outlook Express and MS Office 2003. I disabled some startup programs. Often the system usage is close to 100 percent. I need help.

Kimballa



#2 kimballa

  • Topic Starter
  • Members
  • 17 posts

Posted 19 January 2012 - 08:42 PM

I can now submit my DDS file and GMER file. Since my PC is so slow, it took a long, long time to create these files. I downloaded the dixmlsetup file, but have not backed up my PC yet. Am working on it.

Thank you.

DDS file----------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Kim at 12:22:38 on 2012-01-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2469 [GMT -8:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ping.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203727848468
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/7520-b289h/rnl/java/RntX.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A098755-65E0-4E79-B2C2-A4EA58BB5397} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-1-4 70016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-29 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120118.003\IDSXpx86.sys [2012-1-18 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120119.002\NAVENG.SYS [2012-1-19 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120119.002\NAVEX15.SYS [2012-1-19 1576312]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-10-1 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-10-1 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-10-1 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2007-10-1 10368]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys --> c:\windows\system32\drivers\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys --> c:\windows\system32\drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2011-5-29 81920]
.
=============== Created Last 30 ================
.
2012-01-04 18:04:12 -------- d-----w- c:\documents and settings\kim\application data\Tific
2012-01-04 18:04:05 -------- d-----w- c:\documents and settings\kim\local settings\application data\Symantec
2011-12-29 23:36:43 -------- d-sh--r- C:\cmdcons
2011-12-29 23:36:41 -------- d-----w- c:\windows\setup.pss
2011-12-29 23:32:18 -------- d-----w- c:\windows\setupupd
2011-12-29 22:05:39 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-12-29 22:05:39 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-12-29 22:05:39 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-12-29 22:05:38 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-12-29 22:05:38 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-12-29 22:05:38 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-12-29 22:05:38 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-12-29 22:05:38 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-12-29 22:05:10 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-12-29 19:48:36 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-29 19:48:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-29 19:48:36 -------- d-----w- c:\program files\Symantec
2011-12-29 19:47:51 -------- d-----w- c:\windows\system32\drivers\N360
2011-12-29 19:47:45 -------- d-----w- c:\program files\Norton 360
2011-12-29 19:47:45 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-12-29 19:40:49 -------- d-----w- c:\program files\NortonInstaller
2011-12-29 19:40:49 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-12-29 19:40:04 148385712 ----a-w- c:\program files\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe
2011-12-27 07:23:47 -------- d-----w- c:\documents and settings\kim\application data\Malwarebytes
2011-12-27 07:23:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-27 07:23:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 07:23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-12-29 17:30:27 22032 ----a-w- c:\windows\DCEBoot.exe
2011-06-27 22:08:54 2516992 ----a-w- c:\program files\Dse104e.exe
2008-09-20 04:07:23 4548042 ----a-w- c:\program files\PDRSETUP.EXE
2008-07-15 01:14:00 20308376 ----a-w- c:\program files\iTunesSetup.exe
2008-02-04 01:36:15 1305088 -c--a-w- c:\program files\NF_Movie_Player_211.msi
.
============= FINISH: 12:31:49.31 ===============




#3 SweetTech

    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 January 2012 - 02:56 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL report:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
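To make sense of the TDSSKiller report the helper asks for above, here is a small triage parser I am adding (it is not part of this thread and not Kaspersky's own tooling) that reads lines in TDSSKiller's log format, joins each object's MD5 and path to its final status, and separates signature-check-only warnings from detections that actually need a decision. The sample log, its hashes, the `\Device\Harddisk0\DR0` line and the `Rootkit.Boot.EXAMPLE` verdict are constructed placeholders, not values from this machine.

```python
import re
from dataclasses import dataclass

# Constructed sample in TDSSKiller 2.7.x log format (not the thread's own log).
# Hashes, the \Device\Harddisk0\DR0 entry and Rootkit.Boot.EXAMPLE are placeholders.
SAMPLE_LOG = r"""
10:28:34.0156 2604 Mode: Manual; SigCheck; TDLFS;
10:28:34.0718 2604 Abiosdsk - ok
10:28:34.0781 2604 abp480n5 (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:28:37.0515 2604 abp480n5 - ok
10:28:43.0703 2604 ASCTRM (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\ASCTRM.sys
10:28:43.0734 2604 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
10:28:43.0734 2604 ASCTRM - detected UnsignedFile.Multi.Generic (1)
10:29:01.0000 2604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.EXAMPLE (0)
10:29:02.0000 2604 Scan finished
"""

# Every log line is "HH:MM:SS.ffff <pid> <message>"; only the message varies.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")

# Reported only because "Verify Driver Digital Signature" (SigCheck) was enabled: the
# driver lacks a valid signature. That is not a malware verdict, which is why the
# helper says to leave such entries on Skip rather than Cure or Delete.
SIGNATURE_ONLY = {"UnsignedFile.Multi.Generic"}


@dataclass
class Item:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"  # ok | warning | detected
    verdict: str = ""


def parse_tdsskiller(text: str) -> dict:
    """Return {name: Item}; a later status line for the same name overrides an earlier one."""
    items = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, blank and separator lines carry no object
        msg = line.group("msg")
        m = FILE_RE.match(msg)
        if m:
            it = items.setdefault(m["name"], Item(m["name"]))
            it.md5, it.path = m["md5"].lower(), m["path"]
            continue
        for status, rx in (("ok", OK_RE), ("warning", WARN_RE), ("detected", DET_RE)):
            m = rx.match(msg)
            if m:
                it = items.setdefault(m["name"], Item(m["name"]))
                it.status = status
                if "verdict" in m.groupdict():
                    it.verdict = m["verdict"]
                break
    return items


def triage(items: dict):
    """Split non-ok entries into signature-only warnings and detections needing a decision."""
    sig_only, needs_review = [], []
    for it in items.values():
        if it.status == "ok":
            continue
        (sig_only if it.verdict in SIGNATURE_ONLY else needs_review).append(it)
    return sig_only, needs_review


def report(text: str) -> str:
    """Human-readable summary an analyst can read before deciding on any action."""
    sig_only, needs_review = triage(parse_tdsskiller(text))
    lines = ["Unsigned-driver warnings (leave on Skip; confirm vendor/signature by hand):"]
    lines += [f"  {it.name}  md5={it.md5 or '?'}  {it.path or '(no path)'}" for it in sig_only]
    lines.append("Detections needing a decision (post the log before choosing Cure/Delete):")
    lines += [f"  {it.name}  verdict={it.verdict}" for it in needs_review]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```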


#4 kimballa

  • Topic Starter
  • Members
  • 17 posts

Posted 20 January 2012 - 12:58 PM

Hi Agent ST,

Thank you so much for taking time to analyze our situation.
After reading your post, I am scared about the situation, and I would like to ask you if it is worth going through the processes to remove rootkit and backdoor trojan. I have not yet followed your instructions at this point.

*It is a Dell Dimension 9200 desktop and is more than 5 years old.
*It is connected to the router by USB, not wireless.
*It used to be shared by 3 family members, so it has three Windows accounts.
*I have been using this PC for personal use, but my wife used to use it for banking, Quicken, and other money transactions.
*Besides this infected PC, one laptop with Windows XP and two laptops with Windows 7 are sharing Time-Warner cable internet through a Netgear router wirelessly.
*At this point, we have no indication that any of our financial accounts have been compromised, but nor have we contacted them yet.
*Is there any chance that the other three laptops are affected by this rootkit and backdoor somehow?
*The first sign of infection was late November, 2011, and we could not block third party cookies. At the time we had TrendMicro Internet Security. Also, the Windows Automatic Updates could not be turned on.

Thank you again for your time and assistance.

Kimballa

P.S. Are you really in Antarctica?

#5 SweetTech

    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 21 January 2012 - 01:56 AM

Hi kimballa!

After reading your post, I am scared about the situation, and I would like to ask you if it is worth going through the processes to remove rootkit and backdoor trojan. I have not yet followed your instructions at this point.

Okay, not a problem, I know how you are feeling. I've been in your shoes before.

*It is a Dell Dimension 9200 desktop and is more than 5 years old.
*It is connected to the router by USB, not wireless.
*It used to be shared by 3 family members, so it has three Windows accounts.

Okay, thanks for that information.

*I have been using this PC for personal use, but my wife used to use it for banking, Quicken, and other money transactions.

*At this point, we have no indication that any of our financial accounts have been compromised, but nor have we contacted them yet.

Okay. I would contact them as soon as you can, and make sure they are aware that your computer has been infected by a backdoor trojan, and your account may be compromised.

*Besides this infected PC, one laptop with Windows XP and two laptops with Windows 7 are sharing Time-Warner cable internet through a Netgear router wirelessly.
*Is there any chance that the other three laptops are affected by this rootkit and backdoor somehow?

This is one of those questions that really depends. If you were transferring files between this computer and one of the others, then it's possible the other computers were compromised.

Are you experiencing any issues on the other computers?

*The first sign of infection was late November, 2011, and we could not block third party cookies. At the time we had TrendMicro Internet Security. Also, the Windows Automatic Updates could not be turned on.

Okay. This means that this infection could/has been active on your system since November 2011.

If this were my computer, I'd reformat and re-install the operating system.

If you have the Windows XP discs, I'd suggest you reformat and re-install the operating system, as you can't really be sure what damage this infection has done since November.

I can do my best to clean this infection up if you wish to proceed with that, but there isn't any way that you'll know this computer is 100% secure. The only way to guarantee that is to perform a full reformat and re-install.

Please let me know what you're thinking.

If you have any other questions, please feel free to ask them.

Let me know,
Agent ST.



#6 kimballa

  • Topic Starter
  • Members
  • 17 posts

Posted 21 January 2012 - 03:56 PM

Hi Agent ST,

Thank you for replying to my questions and concerns.
Although we may end up reformatting and re-installing Windows XP, I would like to fix the current problems to the point where the PC can operate at a decent speed.
With that in mind, I proceeded with your original instructions: Kaspersky TDSSkiller, Farbar Service Scanner, and Running OTL.

Let me point out one thing. When I ran TDSSkiller and all the threats were listed, I did not look at each one of them. The ones that appeared in the box were all checked "skip", but there may have been one or more which may have been checked "cure". At this point I cannot know. Sorry about that.

The PC is still running very, very slow.

The following are the reports from all three procedures:

--------------------------------------------------------------------------------

10:27:56.0515 0412 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
10:27:58.0062 0412 ============================================================
10:27:58.0062 0412 Current date / time: 2012/01/21 10:27:58.0062
10:27:58.0062 0412 SystemInfo:
10:27:58.0062 0412
10:27:58.0062 0412 OS Version: 5.1.2600 ServicePack: 3.0
10:27:58.0062 0412 Product type: Workstation
10:27:58.0062 0412 ComputerName: MAINOFFICE
10:27:58.0062 0412 UserName: Kim
10:27:58.0078 0412 Windows directory: C:\WINDOWS
10:27:58.0078 0412 System windows directory: C:\WINDOWS
10:27:58.0078 0412 Processor architecture: Intel x86
10:27:58.0078 0412 Number of processors: 2
10:27:58.0078 0412 Page size: 0x1000
10:27:58.0078 0412 Boot type: Normal boot
10:27:58.0078 0412 ============================================================
10:27:58.0765 0412 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:27:58.0843 0412 Initialize success
10:28:34.0156 2604 ============================================================
10:28:34.0156 2604 Scan started
10:28:34.0156 2604 Mode: Manual; SigCheck; TDLFS;
10:28:34.0156 2604 ============================================================
10:28:34.0718 2604 Abiosdsk - ok
10:28:34.0781 2604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:28:37.0515 2604 abp480n5 - ok
10:28:37.0640 2604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:28:38.0031 2604 ACPI - ok
10:28:43.0703 2604 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
10:28:43.0734 2604 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
10:28:43.0734 2604 ASCTRM - detected UnsignedFile.Multi.Generic (1)
10:28:43.0812 2604 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
10:28:43.0859 2604 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
10:28:43.0859 2604 Aspi32 - detected UnsignedFile.Multi.Generic (1)
10:29:04.0859 2604 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:29:04.0937 2604 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
10:29:04.0937 2604 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
10:29:05.0078 2604 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:29:05.0140 2604 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
10:29:05.0140 2604 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
10:29:05.0203 2604 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
10:29:05.0296 2604 DLADResN ( UnsignedFile.Multi.Generic ) - warning
10:29:05.0296 2604 DLADResN - detected UnsignedFile.Multi.Generic (1)
10:29:05.0375 2604 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:29:05.0484 2604 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
10:29:05.0484 2604 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
10:29:05.0765 2604 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:29:05.0875 2604 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
10:29:05.0875 2604 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
10:29:06.0000 2604 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:29:06.0062 2604 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
10:29:06.0062 2604 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
10:29:06.0234 2604 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:29:06.0296 2604 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
10:29:06.0296 2604 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
10:29:06.0500 2604 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:29:06.0578 2604 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
10:29:06.0578 2604 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
10:29:06.0750 2604 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:29:06.0890 2604 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
10:29:06.0890 2604 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
10:29:13.0093 2604 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:29:13.0187 2604 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
10:29:13.0187 2604 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
10:29:13.0296 2604 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:29:13.0359 2604 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
10:29:13.0359 2604 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
10:29:13.0468 2604 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
10:29:13.0546 2604 DSproct ( UnsignedFile.Multi.Generic ) - warning
10:29:13.0562 2604 DSproct - detected UnsignedFile.Multi.Generic (1)
10:29:15.0843 2604 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
10:29:15.0921 2604 FANTOM ( UnsignedFile.Multi.Generic ) - warning
10:29:15.0937 2604 FANTOM - detected UnsignedFile.Multi.Generic (1)
10:29:41.0265 2604 IPSec (273a59303d431b518dc4329dfb08be0b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:29:41.0265 2604 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 273a59303d431b518dc4329dfb08be0b, Fake md5: 23c74d75e36e7158768dd63d92789a91
10:29:41.0281 2604 IPSec ( Virus.Win32.ZAccess.k ) - infected
10:29:41.0281 2604 IPSec - detected Virus.Win32.ZAccess.k (0)
10:29:47.0937 2604 LxrSII1d (db7f488269290a8c1907602b7f4c213d) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
10:29:48.0000 2604 LxrSII1d ( UnsignedFile.Multi.Generic ) - warning
10:29:48.0000 2604 LxrSII1d - detected UnsignedFile.Multi.Generic (1)
10:30:01.0968 2604 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
10:30:02.0062 2604 NAL ( UnsignedFile.Multi.Generic ) - warning
10:30:02.0078 2604 NAL - detected UnsignedFile.Multi.Generic (1)
10:30:34.0359 2604 RSBLKM2 (26eb0049b96122f9b2052acb0817f097) C:\WINDOWS\system32\DRIVERS\RSBLKM2.SYS
10:30:34.0390 2604 RSBLKM2 ( UnsignedFile.Multi.Generic ) - warning
10:30:34.0406 2604 RSBLKM2 - detected UnsignedFile.Multi.Generic (1)
10:30:34.0437 2604 RSBLKRM2 (efcda04316baa1548fb1e07f636653ea) C:\WINDOWS\system32\DRIVERS\rsblkrm2.sys
10:30:34.0484 2604 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - warning
10:30:34.0484 2604 RSBLKRM2 - detected UnsignedFile.Multi.Generic (1)
10:30:52.0375 2604 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
10:30:52.0515 2604 \Device\Harddisk0\DR0 - ok
10:30:52.0562 2604 Boot (0x1200) (b605ccf43f6ee29c0938b99fb0bc3227) \Device\Harddisk0\DR0\Partition0
10:30:52.0562 2604 \Device\Harddisk0\DR0\Partition0 - ok
10:30:52.0562 2604 ============================================================
10:30:52.0562 2604 Scan finished
10:30:52.0562 2604 ============================================================
10:30:52.0703 1960 Detected object count: 20
10:30:52.0703 1960 Actual detected object count: 20
10:31:39.0203 1960 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0203 1960 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0203 1960 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0203 1960 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0203 1960 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0203 1960 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0203 1960 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0203 1960 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0203 1960 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0203 1960 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0218 1960 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0218 1960 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0234 1960 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0234 1960 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0250 1960 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0250 1960 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0250 1960 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0250 1960 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0250 1960 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0250 1960 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0718 1960 Backup copy found, using it..
10:31:39.0875 1960 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
10:31:42.0828 1960 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
10:31:42.0828 1960 LxrSII1d ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:42.0828 1960 LxrSII1d ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:42.0828 1960 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:42.0828 1960 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:42.0828 1960 RSBLKM2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:42.0828 1960 RSBLKM2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:42.0843 1960 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:42.0843 1960 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:53.0234 1280 Deinitialize success

=============================================================================================
Farbar Service Scanner Version: 18-01-2012 01
Ran by Kim (administrator) on 21-01-2012 at 10:56:34
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(14) SYMTDI(16) Tcpip(3)
0x10000000040000000100000002000000030000001000000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000


OTL logfile created on: 1/21/2012 11:06:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.66% Memory free
4.34 Gb Paging File | 3.92 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.83 Gb Total Space | 42.07 Gb Free Space | 28.85% Space Free | Partition Type: NTFS

Computer Name: MAINOFFICE | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 11:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
PRC - [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2007/03/02 15:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/08/28 19:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/06 05:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 05:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 17:34:46 | 000,865,200 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/09/08 03:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 01:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 01:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 01:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 01:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 01:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2011/12/14 11:44:47 | 003,316,000 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_b427739.dll
MOD - [2011/10/12 09:11:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 09:08:55 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 09:08:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RSVPAdobeActiveFileMonitor5.0)
SRV - File not found [Disabled | Stopped] -- -- (BsMobileCS)
SRV - File not found [Disabled | Stopped] -- -- (BsHelpCS)
SRV - File not found [Auto | Stopped] -- -- (BlueSoleilCS)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/14 11:44:47 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/10/07 14:39:52 | 000,234,784 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/05/31 09:40:10 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/07/06 05:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/12/29 14:05:48 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/29 14:05:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/29 14:05:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/29 14:05:03 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/29 14:05:03 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 18:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/09 10:21:10 | 000,081,920 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2010/04/06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/04/13 10:45:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/13 10:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/12/04 16:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/12/16 13:30:47 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/24 08:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/05 01:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/03/10 15:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2006/01/10 09:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/19 15:48:24 | 000,070,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2004/08/04 03:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/04/02 10:55:00 | 000,017,785 | R--- | M] (Copyright © RATOC Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RSBLKM2.SYS -- (RSBLKM2)
DRV - [2003/04/02 10:54:10 | 000,006,170 | R--- | M] (Copyright © RATOC Systems, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\rsblkrm2.sys -- (RSBLKRM2)
DRV - [2001/11/30 10:40:12 | 000,017,101 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)
DRV - [2001/08/17 12:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 12:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061216
IE - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Alex's Documents\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Erika\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/30 08:20:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/21 10:46:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Erika\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-2522294198-910829210-3020038387-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Erika\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Erika\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203727848468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/67/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7520-b289h/rnl/java/RntX.cab (Live Collaboration)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A098755-65E0-4E79-B2C2-A4EA58BB5397}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2522294198-910829210-3020038387-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 11:01:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/01/21 10:26:29 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kim\Desktop\tdsskiller.exe
[2012/01/19 11:36:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kim\Desktop\dds.scr
[2012/01/04 10:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\Tific
[2012/01/04 10:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Local Settings\Application Data\Symantec
[2011/12/31 09:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Desktop\PHOTO CONTESTS
[2011/12/29 15:36:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/29 15:36:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/12/29 15:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/12/29 14:05:39 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/12/29 14:05:39 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/12/29 14:05:39 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/29 14:05:38 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/12/29 14:05:38 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/29 14:05:38 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/12/29 14:05:38 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/12/29 14:05:38 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/29 14:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/12/29 11:48:36 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/29 11:48:36 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/29 11:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/29 11:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/12/29 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/29 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/12/29 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/12/29 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/29 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/29 11:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/29 11:40:04 | 148,385,712 | ---- | C] (Symantec Corporation) -- C:\Program Files\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe
[2011/12/26 23:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\Malwarebytes
[2011/12/26 23:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 23:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/26 23:23:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 23:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/19 20:07:15 | 004,548,042 | ---- | C] (MT Solution Ltd. ) -- C:\Program Files\PDRSETUP.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 11:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{950393EE-CC74-4A54-B51D-F019E5FCA902}.job
[2012/01/21 11:24:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D8736EEA-A3C6-4FF0-BEAA-DAFDACDED26C}.job
[2012/01/21 11:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/01/21 11:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/01/21 11:12:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1008UA.job
[2012/01/21 11:06:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1007UA.job
[2012/01/21 11:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/01/21 10:54:23 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\FSS.exe
[2012/01/21 10:49:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 10:47:40 | 000,000,522 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Startup.job
[2012/01/21 10:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 10:26:35 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kim\Desktop\tdsskiller.exe
[2012/01/20 22:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/01/20 22:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/01/20 21:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/01/20 21:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/01/20 20:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/01/20 20:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/01/20 19:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/01/20 19:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/01/20 18:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/01/20 18:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/01/20 17:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/01/20 17:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/01/20 17:00:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job
[2012/01/20 16:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/01/20 16:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/01/20 15:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/01/20 15:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/01/20 10:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/01/20 10:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/01/20 09:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/01/20 09:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/01/20 08:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/01/20 08:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/01/20 07:15:42 | 000,000,272 | ---- | M] () -- C:\{7AA5BC0B-011F-457D-9F2D-6CBD1D2C9710}
[2012/01/20 07:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/01/20 07:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/01/20 07:12:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1008Core.job
[2012/01/19 14:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/01/19 14:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/01/19 13:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/01/19 13:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/01/19 12:54:49 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\gmer.zip
[2012/01/19 12:50:22 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\obklrn7s.exe
[2012/01/19 12:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/01/19 12:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/01/19 11:33:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kim\Desktop\dds.scr
[2012/01/19 10:20:08 | 002,013,115 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\dixmlsetup.exe
[2012/01/18 07:24:22 | 000,000,456 | ---- | M] () -- C:\{74B34E20-859F-4449-8B1E-243B57E70ED9}
[2012/01/17 19:57:24 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/01/17 19:35:36 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2012/01/17 10:13:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/17 07:44:25 | 000,000,272 | ---- | M] () -- C:\{8EE4023D-1DDA-4DE5-84D6-33776F8F6AC7}
[2012/01/16 23:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/01/16 23:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/01/16 08:55:03 | 000,000,272 | ---- | M] () -- C:\{243D1081-A640-487C-9A2F-C219FD2470AF}
[2012/01/15 21:40:04 | 000,004,864 | ---- | M] () -- C:\{0F71284A-3D8B-4E41-A98C-DE677A9F75FA}
[2012/01/15 21:40:04 | 000,000,272 | ---- | M] () -- C:\{AD84BE1A-3EB7-4300-B66E-6C1DF73ACA5B}
[2012/01/15 09:15:32 | 000,005,440 | ---- | M] () -- C:\{3B5AA152-3EC1-4ACF-B28B-5DE8A242F32F}
[2012/01/14 17:34:28 | 000,004,864 | ---- | M] () -- C:\{E4590257-DCAF-44C0-B366-5D14EA0DCD76}
[2012/01/14 08:01:54 | 000,000,280 | ---- | M] () -- C:\{4EBC4883-1F83-420E-AC33-0B00EED30C89}
[2012/01/14 07:59:50 | 000,000,272 | ---- | M] () -- C:\{CB058291-9956-4DEB-9A30-88C6EE624191}
[2012/01/14 07:57:24 | 000,004,872 | ---- | M] () -- C:\{7F3FA61D-7251-49BF-8D36-11C47CE6A89D}
[2012/01/14 07:57:24 | 000,000,272 | ---- | M] () -- C:\{45B20F6D-A350-447E-9273-7CA9D8593C17}
[2012/01/14 07:55:50 | 000,000,272 | ---- | M] () -- C:\{4FC1B8B5-49F5-426B-A448-1D93F556C63D}
[2012/01/14 06:37:24 | 000,004,880 | ---- | M] () -- C:\{10ABE90D-8AE4-4C80-8098-2AB8FD18FF83}
[2012/01/14 06:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/01/14 06:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/01/14 05:50:42 | 000,004,872 | ---- | M] () -- C:\{AC237750-05AF-4418-AE4E-88BDC173410E}
[2012/01/14 05:49:19 | 000,004,864 | ---- | M] () -- C:\{BCEFD234-9538-4AFB-A68C-373DFCFBB03A}
[2012/01/14 05:15:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/01/14 05:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/01/14 05:01:19 | 000,004,864 | ---- | M] () -- C:\{D722B96B-D616-4D4B-80D7-7B73E4B29273}
[2012/01/14 04:15:09 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/01/14 04:15:09 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/01/14 04:10:39 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1007Core.job
[2012/01/14 03:26:27 | 000,004,856 | ---- | M] () -- C:\{910C57AE-9E9F-441A-8736-BC76162DE795}
[2012/01/14 03:25:03 | 000,004,856 | ---- | M] () -- C:\{57E9DBF7-4430-4962-B572-EA518D48BCDA}
[2012/01/14 03:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/01/14 03:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/01/14 02:20:30 | 000,004,864 | ---- | M] () -- C:\{A0ADB970-6315-496A-8A6F-EBD3DEC9F63A}
[2012/01/14 02:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/01/14 02:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/01/14 01:53:28 | 000,000,272 | ---- | M] () -- C:\{929F1E9A-1E90-483E-90C0-D1CFC6E78A84}
[2012/01/14 01:33:21 | 000,004,872 | ---- | M] () -- C:\{8CC2A790-9E8F-48EB-98CF-866DD637D424}
[2012/01/14 01:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/14 01:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/14 00:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/14 00:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/13 20:13:06 | 000,004,864 | ---- | M] () -- C:\{351ECDED-6797-455E-8ADA-AD023721F5E6}
[2012/01/13 19:09:46 | 000,004,864 | ---- | M] () -- C:\{1C7C1432-E745-4ECC-8BE0-84111515871B}
[2012/01/13 19:08:28 | 000,004,872 | ---- | M] () -- C:\{48E3E361-52C7-49CD-869D-F017408D5BF5}
[2012/01/13 16:45:03 | 000,004,864 | ---- | M] () -- C:\{03B709A8-0D38-4076-8A08-A50DAE121FEE}
[2012/01/13 16:45:03 | 000,003,504 | ---- | M] () -- C:\{C4B1418A-DC23-4993-A140-97B484117484}
[2012/01/13 16:42:51 | 000,003,504 | ---- | M] () -- C:\{059675AB-A13B-4B43-B7E5-B752DD2464DF}
[2012/01/13 16:40:20 | 000,003,504 | ---- | M] () -- C:\{B09DA0E8-6083-47A5-B720-40CA2C941255}
[2012/01/13 13:50:19 | 000,000,272 | ---- | M] () -- C:\{22A511F9-DFE7-4EE2-8611-5ADFB5349259}
[2012/01/13 13:48:49 | 000,000,280 | ---- | M] () -- C:\{8717213A-5D9E-4DE1-ABBF-052EB3683960}
[2012/01/13 13:47:33 | 000,004,856 | ---- | M] () -- C:\{67E2ED45-E143-4B68-AB1E-54E993F4322F}
[2012/01/13 13:47:33 | 000,000,488 | ---- | M] () -- C:\{E1152F22-28DF-4FB4-BF7A-C4C07B7E5F41}
[2012/01/13 13:46:18 | 000,000,664 | ---- | M] () -- C:\{10BBE3F5-1178-4214-AFA2-FB1B7AD8C8A6}
[2012/01/13 13:45:02 | 000,000,632 | ---- | M] () -- C:\{2A18BC26-091C-41FF-A178-6DFE50D31180}
[2012/01/13 13:31:47 | 000,004,872 | ---- | M] () -- C:\{35EB936C-B7B1-4E69-9AE2-517B737AF3B3}
[2012/01/13 12:31:28 | 000,004,864 | ---- | M] () -- C:\{5F08E62D-A074-4E55-99DA-48820CE39733}
[2012/01/13 12:29:27 | 000,004,864 | ---- | M] () -- C:\{36E76790-BD44-4990-9D59-A04E3FE6F8A1}
[2012/01/13 12:27:35 | 000,004,864 | ---- | M] () -- C:\{E9B3497D-807F-4888-B90C-74497694FC3B}
[2012/01/13 08:59:15 | 000,004,864 | ---- | M] () -- C:\{53DF2A3D-9348-4982-9A9F-FFE5D4ED3A6F}
[2012/01/13 07:43:27 | 000,000,664 | ---- | M] () -- C:\{191191ED-CBFB-4985-99D8-CAA2B6A9563F}
[2012/01/13 07:42:20 | 000,000,632 | ---- | M] () -- C:\{AD39EE03-07E3-4EFA-8455-F809B2FEB3CA}
[2012/01/12 23:16:10 | 000,004,880 | ---- | M] () -- C:\{E097C9CD-82FF-499C-AB8D-46E40673E433}
[2012/01/12 13:22:02 | 000,000,488 | ---- | M] () -- C:\{6A775180-16C9-438C-A2A0-A6784711A74C}
[2012/01/12 08:48:21 | 000,004,856 | ---- | M] () -- C:\{AAEB3EAA-6EF6-4DE3-A8D4-DC82AB13B6E1}
[2012/01/11 22:19:11 | 000,004,864 | ---- | M] () -- C:\{540BFFB5-ECC8-4CBF-BB23-025F21DEFD0B}
[2012/01/11 20:17:33 | 000,000,488 | ---- | M] () -- C:\{DBAE0CBF-2782-46CD-AE1D-1908D7423230}
[2012/01/11 13:02:46 | 000,004,864 | ---- | M] () -- C:\{4B909A84-EED3-42E9-9710-45DE356B2E18}
[2012/01/11 10:37:21 | 000,004,864 | ---- | M] () -- C:\{4966BA99-03F9-45BB-A1C8-B697BDA951BD}
[2012/01/11 09:33:02 | 000,004,864 | ---- | M] () -- C:\{319DAEEF-BC33-4277-9B22-1260C7FAEC93}
[2012/01/11 08:45:35 | 000,004,856 | ---- | M] () -- C:\{5B43AD56-1409-4833-9CF2-F8E244565678}
[2012/01/11 08:29:48 | 000,004,872 | ---- | M] () -- C:\{5E667288-B61B-4B53-ACB2-9FD1953CE39D}
[2012/01/11 07:36:28 | 000,000,760 | ---- | M] () -- C:\{B2C3E352-7A6B-476B-A9DC-FE6EC028339B}
[2012/01/11 07:31:55 | 000,000,488 | ---- | M] () -- C:\{AC42F673-3A30-4011-8C42-1DC272FB5012}
[2012/01/10 22:21:37 | 000,004,864 | ---- | M] () -- C:\{60F05343-4B07-4A78-9739-D8F8797B8EB7}
[2012/01/10 21:20:09 | 000,004,856 | ---- | M] () -- C:\{98492D0B-C26C-455C-ADD4-84C5D92D90DE}
[2012/01/10 15:24:28 | 000,004,864 | ---- | M] () -- C:\{BA4ACBCE-2348-4ADD-93B6-1E4D5845FE11}
[2012/01/10 15:14:54 | 000,000,488 | ---- | M] () -- C:\{76798F50-671D-4D0F-9A39-E9666846A3E1}
[2012/01/10 14:37:11 | 000,004,864 | ---- | M] () -- C:\{B17E395A-ED44-4872-8697-92AE27E8AB02}
[2012/01/10 14:05:08 | 000,004,864 | ---- | M] () -- C:\{A11D33FE-A2CD-46B7-BFF9-CC0E0BCFFA24}
[2012/01/10 13:49:30 | 000,004,864 | ---- | M] () -- C:\{DDC8C954-213D-4533-A67E-C5E0C4B81336}
[2012/01/10 13:16:51 | 000,004,872 | ---- | M] () -- C:\{1AA12C77-0A16-41F0-AE6F-54EEED157B71}
[2012/01/10 08:43:40 | 000,004,872 | ---- | M] () -- C:\{1EE6CE6D-7BE0-4C7E-864B-C463BF4FE5F6}
[2012/01/09 21:59:30 | 000,004,864 | ---- | M] () -- C:\{FE9F08DB-0E8B-4848-84D6-F781D91F0049}
[2012/01/09 19:19:11 | 000,004,864 | ---- | M] () -- C:\{82132131-FED7-40FE-A099-DA245CAF919E}
[2012/01/09 19:17:59 | 000,004,872 | ---- | M] () -- C:\{2F4B54EB-F4AB-4B0A-B418-BC41C565D4E6}
[2012/01/09 19:03:50 | 000,004,880 | ---- | M] () -- C:\{0AC3D7D1-AD3A-4B55-835C-8C51DE0F54CB}
[2012/01/09 18:29:45 | 000,004,856 | ---- | M] () -- C:\{04C8C554-D5A0-4F40-B8FE-8F36B70F3FEC}
[2012/01/09 16:22:25 | 000,004,864 | ---- | M] () -- C:\{D4903072-8098-4B1B-93CE-3F8D22824B7C}
[2012/01/09 16:07:46 | 000,004,856 | ---- | M] () -- C:\{53C880D4-8B2F-4FEC-A006-B2285A2B4735}
[2012/01/09 16:06:14 | 000,004,864 | ---- | M] () -- C:\{735B03A1-AC67-4EC2-8607-4FDA67DD196D}
[2012/01/09 15:33:43 | 000,004,864 | ---- | M] () -- C:\{3119B25F-FA94-4938-9935-62B913E2CCCB}
[2012/01/09 15:18:56 | 000,004,864 | ---- | M] () -- C:\{3AD88C7F-2F19-412F-9AC3-2C3E4ECB0954}
[2012/01/09 15:17:21 | 000,004,872 | ---- | M] () -- C:\{F239C39D-3F3F-4340-B519-B33D86885BA3}
[2012/01/09 15:01:32 | 000,004,864 | ---- | M] () -- C:\{D737195C-D8AF-41DA-AE0A-0FA729FC7D88}
[2012/01/09 14:29:20 | 000,004,864 | ---- | M] () -- C:\{2909B7EF-A68B-4454-A257-6A599458E541}
[2012/01/09 14:13:33 | 000,004,872 | ---- | M] () -- C:\{F06CA30E-38DD-4554-8682-554D89D8DDF7}
[2012/01/09 13:58:32 | 000,004,864 | ---- | M] () -- C:\{72100639-31F1-4052-9504-2596CDEBE559}
[2012/01/09 12:54:40 | 000,004,864 | ---- | M] () -- C:\{AE29A163-C639-4CD6-85AE-368D4EF19FB3}
[2012/01/09 12:53:12 | 000,004,872 | ---- | M] () -- C:\{F79D9F42-36A8-44DD-823B-FC40640AB8A6}
[2012/01/09 12:37:29 | 000,004,872 | ---- | M] () -- C:\{0AE3D8B4-47FC-44B9-AA1A-1CE9886F3BCB}
[2012/01/09 11:49:30 | 000,004,864 | ---- | M] () -- C:\{D32E8A6F-DA6D-4468-865C-B58818A2FE37}
[2012/01/09 07:36:50 | 000,004,864 | ---- | M] () -- C:\{C171CFE8-8289-4BDD-8295-3D6C1927B10B}
[2012/01/09 07:26:06 | 000,000,760 | ---- | M] () -- C:\{176B6D99-8EEB-4048-B73D-24A65EE8F8CB}
[2012/01/08 21:29:23 | 000,004,856 | ---- | M] () -- C:\{63F7BE48-CDFD-4906-9C46-EC107DBE7579}
[2012/01/08 16:41:14 | 000,004,856 | ---- | M] () -- C:\{DEA2CB0F-F1B1-4EB1-A117-57B0BCF2A2F4}
[2012/01/08 16:39:48 | 000,004,848 | ---- | M] () -- C:\{46552977-CD67-48D0-9C6D-97B2B2317DEA}
[2012/01/08 15:18:34 | 000,004,864 | ---- | M] () -- C:\{AB681404-07C0-4E60-9B99-B8024DCCD206}
[2012/01/08 15:18:34 | 000,000,272 | ---- | M] () -- C:\{3228211E-80AC-4181-883C-C0D500F97576}
[2012/01/08 13:12:31 | 000,004,856 | ---- | M] () -- C:\{B0E79BC7-4696-4070-9B95-0D2718FE41BD}
[2012/01/08 13:10:47 | 000,004,864 | ---- | M] () -- C:\{ADAADC1C-3645-4D6B-9895-7CB3DBF09867}
[2012/01/08 12:54:25 | 000,004,864 | ---- | M] () -- C:\{7AE02A7A-0507-4947-90E0-4557CDF0E3C1}
[2012/01/08 12:40:00 | 000,004,856 | ---- | M] () -- C:\{C79F07B6-33CF-4801-9EE7-80C964303EDC}
[2012/01/08 12:38:19 | 000,004,872 | ---- | M] () -- C:\{AD46CCED-BB65-45CE-8C54-55300B4BCD96}
[2012/01/08 12:06:01 | 000,004,872 | ---- | M] () -- C:\{CB53165C-4D52-4E72-9E16-2BF7542869CF}
[2012/01/08 10:30:12 | 000,004,872 | ---- | M] () -- C:\{0D110B05-3FD0-40BC-BE4E-2FBB61453786}
[2012/01/08 10:13:41 | 000,004,856 | ---- | M] () -- C:\{DD7C06FE-C52B-4AEA-8F07-37ECB20F0DF9}
[2012/01/07 18:54:11 | 000,004,872 | ---- | M] () -- C:\{359655CE-5876-4111-A379-789DFDD4831F}
[2012/01/07 12:36:53 | 000,004,856 | ---- | M] () -- C:\{C1472BA3-DB56-4308-8064-A6D4A19B2966}
[2012/01/07 11:16:55 | 000,004,856 | ---- | M] () -- C:\{379AEC71-E57A-4311-BC35-7CF5625BA6DF}
[2012/01/07 09:43:40 | 000,004,864 | ---- | M] () -- C:\{9E988A59-5817-43FE-BBB1-61E628EAAD55}
[2012/01/07 09:43:40 | 000,003,352 | ---- | M] () -- C:\{E3A6DBF5-6EE9-4F66-B2AD-E3222B81810F}
[2012/01/07 09:41:38 | 000,004,864 | ---- | M] () -- C:\{CC8D71D4-88CD-4AC6-9923-22AD0CB1BBA4}
[2012/01/07 09:26:26 | 000,004,864 | ---- | M] () -- C:\{187811D3-FDC9-4BE0-879A-D19023FAFE30}
[2012/01/07 09:13:14 | 000,004,872 | ---- | M] () -- C:\{5B0A2814-A6E1-45A2-8F42-DB7423440BB0}
[2012/01/07 09:11:08 | 000,004,856 | ---- | M] () -- C:\{C025EADA-3474-4FCD-859E-BEE8C5B1784E}
[2012/01/06 21:18:41 | 000,000,776 | ---- | M] () -- C:\{F356EAE6-728B-4E91-94FF-509C067F243D}
[2012/01/06 20:19:13 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\Google Chrome.lnk
[2012/01/06 20:19:13 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 15:16:55 | 000,000,776 | ---- | M] () -- C:\{270BF8BD-E43F-4327-868D-F78B28D810E9}
[2012/01/06 10:32:30 | 000,004,872 | ---- | M] () -- C:\{A18134D5-41C8-4830-99F8-2B43ED8E3E3E}
[2012/01/06 10:19:08 | 000,004,864 | ---- | M] () -- C:\{8722A2EA-D5A3-4BCC-82D2-042D7BAE75D1}
[2012/01/06 10:17:52 | 000,004,872 | ---- | M] () -- C:\{500B943B-F5EF-4FF9-B75E-52E4D46EB913}
[2012/01/06 09:48:21 | 000,004,872 | ---- | M] () -- C:\{FC5C8777-72B4-44C1-A7F1-BF95F0BBBE70}
[2012/01/06 09:45:42 | 000,004,856 | ---- | M] () -- C:\{870B418F-39EF-4C6D-8468-D1FCC7B099B9}
[2012/01/06 08:58:39 | 000,004,872 | ---- | M] () -- C:\{CAD05E5D-81C5-4C5B-8853-411E20954B6A}
[2012/01/06 08:57:27 | 000,004,872 | ---- | M] () -- C:\{2DF63B59-5D6B-4A77-B7E3-1503AAE7E580}
[2012/01/06 08:56:14 | 000,004,872 | ---- | M] () -- C:\{B227C5B9-093A-45A0-8B42-552E97FEF8F8}
[2012/01/06 08:43:54 | 000,004,872 | ---- | M] () -- C:\{69545BFC-0B70-4DDE-9D85-4C79E3505FCE}
[2012/01/06 08:42:29 | 000,004,872 | ---- | M] () -- C:\{ED63FFCE-FE45-4A55-8575-1F77EAEA0ACE}
[2012/01/06 08:40:48 | 000,004,872 | ---- | M] () -- C:\{E2A8B772-7061-48D7-B77E-B78767AF0CA0}
[2012/01/06 02:13:41 | 000,003,352 | ---- | M] () -- C:\{ED9605FC-E8B4-4039-8013-6AB5F994B75A}
[2012/01/04 09:50:42 | 000,004,856 | ---- | M] () -- C:\{457C9783-4657-4CAA-84B9-696ADC72D451}
[2012/01/03 23:47:43 | 000,003,504 | ---- | M] () -- C:\{C1C551B2-45A7-44D0-A8C3-386BE5E70B89}
[2012/01/03 15:27:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 10:04:02 | 000,004,856 | ---- | M] () -- C:\{EC87EC99-3370-47F2-ACDF-74161037BA33}
[2012/01/01 14:01:50 | 000,004,872 | ---- | M] () -- C:\{3FFC2F66-F7D8-4AFE-8A52-4A9FD01613FF}
[2012/01/01 13:54:41 | 000,002,424 | ---- | M] () -- C:\{9687DB11-AC0D-4BFD-B11F-0273221ACDE4}
[2012/01/01 13:47:16 | 000,002,424 | ---- | M] () -- C:\{ACBBB859-AAE6-4E64-B049-B953E9EA9F12}
[2012/01/01 13:42:28 | 000,002,424 | ---- | M] () -- C:\{6CA2A751-CAF5-4DAB-8BD3-B30BEFE259AB}
[2012/01/01 13:36:20 | 000,002,864 | ---- | M] () -- C:\{B341BE4F-426A-4B7D-9520-673A55BFD580}
[2012/01/01 13:34:17 | 000,004,864 | ---- | M] () -- C:\{5A288D0D-05AA-47BB-9474-01E8D4E4A9E2}
[2012/01/01 12:17:44 | 000,001,768 | ---- | M] () -- C:\{C44B0727-AB4D-4E02-A769-68FA32C8BAE8}
[2012/01/01 12:10:26 | 000,004,872 | ---- | M] () -- C:\{C9E9A184-DF0D-4227-8046-51CE9A32878F}
[2012/01/01 12:04:05 | 000,001,816 | ---- | M] () -- C:\{2F131BD2-9F34-4E0B-B677-4B10B5D5C762}
[2011/12/31 09:37:16 | 000,004,872 | ---- | M] () -- C:\{160CF4B2-9444-404A-BBEF-5BA0B8D1E22A}
[2011/12/30 11:30:29 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2011/12/30 10:24:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 07:29:57 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2011/12/29 21:49:02 | 000,722,646 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/29 20:41:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/29 15:27:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/29 14:50:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 14:48:58 | 005,140,854 | ---- | M] () -- C:\Documents and Settings\Kim\My Documents\trojan 122911.bmp
[2011/12/29 14:40:03 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/12/29 14:38:50 | 003,671,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 14:05:48 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/29 14:05:48 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/29 14:05:48 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/29 14:05:48 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/29 11:45:36 | 000,451,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/29 11:45:36 | 000,075,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/29 11:40:46 | 148,385,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe
[2011/12/29 10:27:31 | 000,004,728 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/29 09:30:27 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 10:54:20 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\FSS.exe
[2012/01/20 07:15:42 | 000,000,272 | ---- | C] () -- C:\{7AA5BC0B-011F-457D-9F2D-6CBD1D2C9710}
[2012/01/19 12:54:47 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\gmer.zip
[2012/01/19 12:50:19 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\obklrn7s.exe
[2012/01/19 10:20:05 | 002,013,115 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\dixmlsetup.exe
[2012/01/18 07:24:22 | 000,000,456 | ---- | C] () -- C:\{74B34E20-859F-4449-8B1E-243B57E70ED9}
[2012/01/17 07:44:24 | 000,000,272 | ---- | C] () -- C:\{8EE4023D-1DDA-4DE5-84D6-33776F8F6AC7}
[2012/01/16 08:55:02 | 000,000,272 | ---- | C] () -- C:\{243D1081-A640-487C-9A2F-C219FD2470AF}
[2012/01/15 21:40:04 | 000,004,864 | ---- | C] () -- C:\{0F71284A-3D8B-4E41-A98C-DE677A9F75FA}
[2012/01/15 21:40:04 | 000,000,272 | ---- | C] () -- C:\{AD84BE1A-3EB7-4300-B66E-6C1DF73ACA5B}
[2012/01/15 09:15:32 | 000,005,440 | ---- | C] () -- C:\{3B5AA152-3EC1-4ACF-B28B-5DE8A242F32F}
[2012/01/14 17:34:28 | 000,004,864 | ---- | C] () -- C:\{E4590257-DCAF-44C0-B366-5D14EA0DCD76}
[2012/01/14 08:01:54 | 000,000,280 | ---- | C] () -- C:\{4EBC4883-1F83-420E-AC33-0B00EED30C89}
[2012/01/14 07:59:50 | 000,000,272 | ---- | C] () -- C:\{CB058291-9956-4DEB-9A30-88C6EE624191}
[2012/01/14 07:57:24 | 000,004,872 | ---- | C] () -- C:\{7F3FA61D-7251-49BF-8D36-11C47CE6A89D}
[2012/01/14 07:57:24 | 000,000,272 | ---- | C] () -- C:\{45B20F6D-A350-447E-9273-7CA9D8593C17}
[2012/01/14 07:55:50 | 000,000,272 | ---- | C] () -- C:\{4FC1B8B5-49F5-426B-A448-1D93F556C63D}
[2012/01/14 06:37:24 | 000,004,880 | ---- | C] () -- C:\{10ABE90D-8AE4-4C80-8098-2AB8FD18FF83}
[2012/01/14 05:50:42 | 000,004,872 | ---- | C] () -- C:\{AC237750-05AF-4418-AE4E-88BDC173410E}
[2012/01/14 05:49:19 | 000,004,864 | ---- | C] () -- C:\{BCEFD234-9538-4AFB-A68C-373DFCFBB03A}
[2012/01/14 05:01:19 | 000,004,864 | ---- | C] () -- C:\{D722B96B-D616-4D4B-80D7-7B73E4B29273}
[2012/01/14 03:26:27 | 000,004,856 | ---- | C] () -- C:\{910C57AE-9E9F-441A-8736-BC76162DE795}
[2012/01/14 03:25:03 | 000,004,856 | ---- | C] () -- C:\{57E9DBF7-4430-4962-B572-EA518D48BCDA}
[2012/01/14 02:20:30 | 000,004,864 | ---- | C] () -- C:\{A0ADB970-6315-496A-8A6F-EBD3DEC9F63A}
[2012/01/14 01:53:28 | 000,000,272 | ---- | C] () -- C:\{929F1E9A-1E90-483E-90C0-D1CFC6E78A84}
[2012/01/14 01:33:21 | 000,004,872 | ---- | C] () -- C:\{8CC2A790-9E8F-48EB-98CF-866DD637D424}
[2012/01/13 20:13:06 | 000,004,864 | ---- | C] () -- C:\{351ECDED-6797-455E-8ADA-AD023721F5E6}
[2012/01/13 19:09:46 | 000,004,864 | ---- | C] () -- C:\{1C7C1432-E745-4ECC-8BE0-84111515871B}
[2012/01/13 19:08:28 | 000,004,872 | ---- | C] () -- C:\{48E3E361-52C7-49CD-869D-F017408D5BF5}
[2012/01/13 16:45:03 | 000,004,864 | ---- | C] () -- C:\{03B709A8-0D38-4076-8A08-A50DAE121FEE}
[2012/01/13 16:45:03 | 000,003,504 | ---- | C] () -- C:\{C4B1418A-DC23-4993-A140-97B484117484}
[2012/01/13 16:42:51 | 000,003,504 | ---- | C] () -- C:\{059675AB-A13B-4B43-B7E5-B752DD2464DF}
[2012/01/13 16:40:20 | 000,003,504 | ---- | C] () -- C:\{B09DA0E8-6083-47A5-B720-40CA2C941255}
[2012/01/13 13:50:19 | 000,000,272 | ---- | C] () -- C:\{22A511F9-DFE7-4EE2-8611-5ADFB5349259}
[2012/01/13 13:48:49 | 000,000,280 | ---- | C] () -- C:\{8717213A-5D9E-4DE1-ABBF-052EB3683960}
[2012/01/13 13:47:33 | 000,004,856 | ---- | C] () -- C:\{67E2ED45-E143-4B68-AB1E-54E993F4322F}
[2012/01/13 13:47:33 | 000,000,488 | ---- | C] () -- C:\{E1152F22-28DF-4FB4-BF7A-C4C07B7E5F41}
[2012/01/13 13:46:18 | 000,000,664 | ---- | C] () -- C:\{10BBE3F5-1178-4214-AFA2-FB1B7AD8C8A6}
[2012/01/13 13:45:02 | 000,000,632 | ---- | C] () -- C:\{2A18BC26-091C-41FF-A178-6DFE50D31180}
[2012/01/13 13:31:47 | 000,004,872 | ---- | C] () -- C:\{35EB936C-B7B1-4E69-9AE2-517B737AF3B3}
[2012/01/13 12:31:28 | 000,004,864 | ---- | C] () -- C:\{5F08E62D-A074-4E55-99DA-48820CE39733}
[2012/01/13 12:29:27 | 000,004,864 | ---- | C] () -- C:\{36E76790-BD44-4990-9D59-A04E3FE6F8A1}
[2012/01/13 12:27:35 | 000,004,864 | ---- | C] () -- C:\{E9B3497D-807F-4888-B90C-74497694FC3B}
[2012/01/13 08:59:15 | 000,004,864 | ---- | C] () -- C:\{53DF2A3D-9348-4982-9A9F-FFE5D4ED3A6F}
[2012/01/13 07:43:27 | 000,000,664 | ---- | C] () -- C:\{191191ED-CBFB-4985-99D8-CAA2B6A9563F}
[2012/01/13 07:42:20 | 000,000,632 | ---- | C] () -- C:\{AD39EE03-07E3-4EFA-8455-F809B2FEB3CA}
[2012/01/12 23:16:10 | 000,004,880 | ---- | C] () -- C:\{E097C9CD-82FF-499C-AB8D-46E40673E433}
[2012/01/12 13:22:01 | 000,000,488 | ---- | C] () -- C:\{6A775180-16C9-438C-A2A0-A6784711A74C}
[2012/01/12 08:48:21 | 000,004,856 | ---- | C] () -- C:\{AAEB3EAA-6EF6-4DE3-A8D4-DC82AB13B6E1}
[2012/01/11 22:19:11 | 000,004,864 | ---- | C] () -- C:\{540BFFB5-ECC8-4CBF-BB23-025F21DEFD0B}
[2012/01/11 20:17:33 | 000,000,488 | ---- | C] () -- C:\{DBAE0CBF-2782-46CD-AE1D-1908D7423230}
[2012/01/11 13:02:46 | 000,004,864 | ---- | C] () -- C:\{4B909A84-EED3-42E9-9710-45DE356B2E18}
[2012/01/11 10:37:21 | 000,004,864 | ---- | C] () -- C:\{4966BA99-03F9-45BB-A1C8-B697BDA951BD}
[2012/01/11 09:33:02 | 000,004,864 | ---- | C] () -- C:\{319DAEEF-BC33-4277-9B22-1260C7FAEC93}
[2012/01/11 08:45:35 | 000,004,856 | ---- | C] () -- C:\{5B43AD56-1409-4833-9CF2-F8E244565678}
[2012/01/11 08:29:48 | 000,004,872 | ---- | C] () -- C:\{5E667288-B61B-4B53-ACB2-9FD1953CE39D}
[2012/01/11 07:36:28 | 000,000,760 | ---- | C] () -- C:\{B2C3E352-7A6B-476B-A9DC-FE6EC028339B}
[2012/01/11 07:31:55 | 000,000,488 | ---- | C] () -- C:\{AC42F673-3A30-4011-8C42-1DC272FB5012}
[2012/01/10 22:21:37 | 000,004,864 | ---- | C] () -- C:\{60F05343-4B07-4A78-9739-D8F8797B8EB7}
[2012/01/10 21:20:09 | 000,004,856 | ---- | C] () -- C:\{98492D0B-C26C-455C-ADD4-84C5D92D90DE}
[2012/01/10 15:24:28 | 000,004,864 | ---- | C] () -- C:\{BA4ACBCE-2348-4ADD-93B6-1E4D5845FE11}
[2012/01/10 15:14:54 | 000,000,488 | ---- | C] () -- C:\{76798F50-671D-4D0F-9A39-E9666846A3E1}
[2012/01/10 14:37:11 | 000,004,864 | ---- | C] () -- C:\{B17E395A-ED44-4872-8697-92AE27E8AB02}
[2012/01/10 14:05:08 | 000,004,864 | ---- | C] () -- C:\{A11D33FE-A2CD-46B7-BFF9-CC0E0BCFFA24}
[2012/01/10 13:49:30 | 000,004,864 | ---- | C] () -- C:\{DDC8C954-213D-4533-A67E-C5E0C4B81336}
[2012/01/10 13:16:51 | 000,004,872 | ---- | C] () -- C:\{1AA12C77-0A16-41F0-AE6F-54EEED157B71}
[2012/01/10 08:43:40 | 000,004,872 | ---- | C] () -- C:\{1EE6CE6D-7BE0-4C7E-864B-C463BF4FE5F6}
[2012/01/09 21:59:30 | 000,004,864 | ---- | C] () -- C:\{FE9F08DB-0E8B-4848-84D6-F781D91F0049}
[2012/01/09 19:19:11 | 000,004,864 | ---- | C] () -- C:\{82132131-FED7-40FE-A099-DA245CAF919E}
[2012/01/09 19:17:59 | 000,004,872 | ---- | C] () -- C:\{2F4B54EB-F4AB-4B0A-B418-BC41C565D4E6}
[2012/01/09 19:03:50 | 000,004,880 | ---- | C] () -- C:\{0AC3D7D1-AD3A-4B55-835C-8C51DE0F54CB}
[2012/01/09 18:29:45 | 000,004,856 | ---- | C] () -- C:\{04C8C554-D5A0-4F40-B8FE-8F36B70F3FEC}
[2012/01/09 16:22:25 | 000,004,864 | ---- | C] () -- C:\{D4903072-8098-4B1B-93CE-3F8D22824B7C}
[2012/01/09 16:07:46 | 000,004,856 | ---- | C] () -- C:\{53C880D4-8B2F-4FEC-A006-B2285A2B4735}
[2012/01/09 16:06:14 | 000,004,864 | ---- | C] () -- C:\{735B03A1-AC67-4EC2-8607-4FDA67DD196D}
[2012/01/09 15:33:42 | 000,004,864 | ---- | C] () -- C:\{3119B25F-FA94-4938-9935-62B913E2CCCB}
[2012/01/09 15:18:56 | 000,004,864 | ---- | C] () -- C:\{3AD88C7F-2F19-412F-9AC3-2C3E4ECB0954}
[2012/01/09 15:17:21 | 000,004,872 | ---- | C] () -- C:\{F239C39D-3F3F-4340-B519-B33D86885BA3}
[2012/01/09 15:01:32 | 000,004,864 | ---- | C] () -- C:\{D737195C-D8AF-41DA-AE0A-0FA729FC7D88}
[2012/01/09 14:29:20 | 000,004,864 | ---- | C] () -- C:\{2909B7EF-A68B-4454-A257-6A599458E541}
[2012/01/09 14:13:33 | 000,004,872 | ---- | C] () -- C:\{F06CA30E-38DD-4554-8682-554D89D8DDF7}
[2012/01/09 13:58:32 | 000,004,864 | ---- | C] () -- C:\{72100639-31F1-4052-9504-2596CDEBE559}
[2012/01/09 12:54:39 | 000,004,864 | ---- | C] () -- C:\{AE29A163-C639-4CD6-85AE-368D4EF19FB3}
[2012/01/09 12:53:12 | 000,004,872 | ---- | C] () -- C:\{F79D9F42-36A8-44DD-823B-FC40640AB8A6}
[2012/01/09 12:37:28 | 000,004,872 | ---- | C] () -- C:\{0AE3D8B4-47FC-44B9-AA1A-1CE9886F3BCB}
[2012/01/09 11:49:30 | 000,004,864 | ---- | C] () -- C:\{D32E8A6F-DA6D-4468-865C-B58818A2FE37}
[2012/01/09 07:36:50 | 000,004,864 | ---- | C] () -- C:\{C171CFE8-8289-4BDD-8295-3D6C1927B10B}
[2012/01/09 07:26:06 | 000,000,760 | ---- | C] () -- C:\{176B6D99-8EEB-4048-B73D-24A65EE8F8CB}
[2012/01/08 21:29:23 | 000,004,856 | ---- | C] () -- C:\{63F7BE48-CDFD-4906-9C46-EC107DBE7579}
[2012/01/08 16:41:14 | 000,004,856 | ---- | C] () -- C:\{DEA2CB0F-F1B1-4EB1-A117-57B0BCF2A2F4}
[2012/01/08 16:39:48 | 000,004,848 | ---- | C] () -- C:\{46552977-CD67-48D0-9C6D-97B2B2317DEA}
[2012/01/08 15:18:34 | 000,004,864 | ---- | C] () -- C:\{AB681404-07C0-4E60-9B99-B8024DCCD206}
[2012/01/08 15:18:34 | 000,000,272 | ---- | C] () -- C:\{3228211E-80AC-4181-883C-C0D500F97576}
[2012/01/08 13:12:31 | 000,004,856 | ---- | C] () -- C:\{B0E79BC7-4696-4070-9B95-0D2718FE41BD}
[2012/01/08 13:10:47 | 000,004,864 | ---- | C] () -- C:\{ADAADC1C-3645-4D6B-9895-7CB3DBF09867}
[2012/01/08 12:54:24 | 000,004,864 | ---- | C] () -- C:\{7AE02A7A-0507-4947-90E0-4557CDF0E3C1}
[2012/01/08 12:40:00 | 000,004,856 | ---- | C] () -- C:\{C79F07B6-33CF-4801-9EE7-80C964303EDC}
[2012/01/08 12:38:19 | 000,004,872 | ---- | C] () -- C:\{AD46CCED-BB65-45CE-8C54-55300B4BCD96}
[2012/01/08 12:06:01 | 000,004,872 | ---- | C] () -- C:\{CB53165C-4D52-4E72-9E16-2BF7542869CF}
[2012/01/08 10:30:12 | 000,004,872 | ---- | C] () -- C:\{0D110B05-3FD0-40BC-BE4E-2FBB61453786}
[2012/01/08 10:13:41 | 000,004,856 | ---- | C] () -- C:\{DD7C06FE-C52B-4AEA-8F07-37ECB20F0DF9}
[2012/01/07 18:54:11 | 000,004,872 | ---- | C] () -- C:\{359655CE-5876-4111-A379-789DFDD4831F}
[2012/01/07 12:36:53 | 000,004,856 | ---- | C] () -- C:\{C1472BA3-DB56-4308-8064-A6D4A19B2966}
[2012/01/07 11:16:55 | 000,004,856 | ---- | C] () -- C:\{379AEC71-E57A-4311-BC35-7CF5625BA6DF}
[2012/01/07 09:43:40 | 000,004,864 | ---- | C] () -- C:\{9E988A59-5817-43FE-BBB1-61E628EAAD55}
[2012/01/07 09:43:40 | 000,003,352 | ---- | C] () -- C:\{E3A6DBF5-6EE9-4F66-B2AD-E3222B81810F}
[2012/01/07 09:41:38 | 000,004,864 | ---- | C] () -- C:\{CC8D71D4-88CD-4AC6-9923-22AD0CB1BBA4}
[2012/01/07 09:26:26 | 000,004,864 | ---- | C] () -- C:\{187811D3-FDC9-4BE0-879A-D19023FAFE30}
[2012/01/07 09:13:13 | 000,004,872 | ---- | C] () -- C:\{5B0A2814-A6E1-45A2-8F42-DB7423440BB0}
[2012/01/07 09:11:08 | 000,004,856 | ---- | C] () -- C:\{C025EADA-3474-4FCD-859E-BEE8C5B1784E}
[2012/01/06 21:18:41 | 000,000,776 | ---- | C] () -- C:\{F356EAE6-728B-4E91-94FF-509C067F243D}
[2012/01/06 15:16:55 | 000,000,776 | ---- | C] () -- C:\{270BF8BD-E43F-4327-868D-F78B28D810E9}
[2012/01/06 10:32:30 | 000,004,872 | ---- | C] () -- C:\{A18134D5-41C8-4830-99F8-2B43ED8E3E3E}
[2012/01/06 10:19:08 | 000,004,864 | ---- | C] () -- C:\{8722A2EA-D5A3-4BCC-82D2-042D7BAE75D1}
[2012/01/06 10:17:52 | 000,004,872 | ---- | C] () -- C:\{500B943B-F5EF-4FF9-B75E-52E4D46EB913}
[2012/01/06 09:48:21 | 000,004,872 | ---- | C] () -- C:\{FC5C8777-72B4-44C1-A7F1-BF95F0BBBE70}
[2012/01/06 09:45:42 | 000,004,856 | ---- | C] () -- C:\{870B418F-39EF-4C6D-8468-D1FCC7B099B9}
[2012/01/06 08:58:38 | 000,004,872 | ---- | C] () -- C:\{CAD05E5D-81C5-4C5B-8853-411E20954B6A}
[2012/01/06 08:57:27 | 000,004,872 | ---- | C] () -- C:\{2DF63B59-5D6B-4A77-B7E3-1503AAE7E580}
[2012/01/06 08:56:14 | 000,004,872 | ---- | C] () -- C:\{B227C5B9-093A-45A0-8B42-552E97FEF8F8}
[2012/01/06 08:43:54 | 000,004,872 | ---- | C] () -- C:\{69545BFC-0B70-4DDE-9D85-4C79E3505FCE}
[2012/01/06 08:42:29 | 000,004,872 | ---- | C] () -- C:\{ED63FFCE-FE45-4A55-8575-1F77EAEA0ACE}
[2012/01/06 08:40:48 | 000,004,872 | ---- | C] () -- C:\{E2A8B772-7061-48D7-B77E-B78767AF0CA0}
[2012/01/06 02:13:40 | 000,003,352 | ---- | C] () -- C:\{ED9605FC-E8B4-4039-8013-6AB5F994B75A}
[2012/01/04 09:50:42 | 000,004,856 | ---- | C] () -- C:\{457C9783-4657-4CAA-84B9-696ADC72D451}
[2012/01/03 23:47:42 | 000,003,504 | ---- | C] () -- C:\{C1C551B2-45A7-44D0-A8C3-386BE5E70B89}
[2012/01/03 15:27:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 10:04:02 | 000,004,856 | ---- | C] () -- C:\{EC87EC99-3370-47F2-ACDF-74161037BA33}
[2012/01/01 14:01:50 | 000,004,872 | ---- | C] () -- C:\{3FFC2F66-F7D8-4AFE-8A52-4A9FD01613FF}
[2012/01/01 13:54:01 | 000,002,424 | ---- | C] () -- C:\{9687DB11-AC0D-4BFD-B11F-0273221ACDE4}
[2012/01/01 13:46:42 | 000,002,424 | ---- | C] () -- C:\{ACBBB859-AAE6-4E64-B049-B953E9EA9F12}
[2012/01/01 13:41:42 | 000,002,424 | ---- | C] () -- C:\{6CA2A751-CAF5-4DAB-8BD3-B30BEFE259AB}
[2012/01/01 13:35:45 | 000,002,864 | ---- | C] () -- C:\{B341BE4F-426A-4B7D-9520-673A55BFD580}
[2012/01/01 13:34:17 | 000,004,864 | ---- | C] () -- C:\{5A288D0D-05AA-47BB-9474-01E8D4E4A9E2}
[2012/01/01 12:17:42 | 000,001,768 | ---- | C] () -- C:\{C44B0727-AB4D-4E02-A769-68FA32C8BAE8}
[2012/01/01 12:10:26 | 000,004,872 | ---- | C] () -- C:\{C9E9A184-DF0D-4227-8046-51CE9A32878F}
[2012/01/01 12:03:33 | 000,001,816 | ---- | C] () -- C:\{2F131BD2-9F34-4E0B-B677-4B10B5D5C762}
[2011/12/31 09:37:15 | 000,004,872 | ---- | C] () -- C:\{160CF4B2-9444-404A-BBEF-5BA0B8D1E22A}
[2011/12/29 15:37:11 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2011/12/29 15:37:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/29 14:48:57 | 005,140,854 | ---- | C] () -- C:\Documents and Settings\Kim\My Documents\trojan 122911.bmp
[2011/12/29 14:37:35 | 000,722,646 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/29 14:05:39 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/12/29 14:05:39 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/12/29 14:05:38 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/12/29 14:05:38 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/12/29 14:05:38 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/29 14:05:38 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/29 14:05:38 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/12/29 14:05:38 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/12/29 14:05:38 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/12/29 14:05:38 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/29 14:05:38 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/29 14:05:37 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/29 14:05:37 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/12/29 14:05:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/12/29 14:05:10 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/29 11:48:36 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/29 11:48:36 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/29 11:48:32 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/12/27 19:03:51 | 000,004,728 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/13 17:19:05 | 000,001,464 | -HS- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\cvuvou5f8wft3cai2ypk8k370q1c
[2011/12/13 17:19:05 | 000,001,464 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cvuvou5f8wft3cai2ypk8k370q1c
[2011/11/26 16:10:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/26 14:30:07 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/11/19 08:41:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6uTd131jw.dat
[2011/06/27 14:08:40 | 002,516,992 | ---- | C] () -- C:\Program Files\Dse104e.exe
[2010/04/06 17:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/12/25 14:36:01 | 000,080,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/13 07:25:35 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2008/10/23 17:45:47 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/23 17:45:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/23 17:44:46 | 000,000,812 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/10/23 17:44:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/10/23 17:43:42 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/10/23 17:43:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/10/23 17:41:42 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/10/23 16:37:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/10/23 16:36:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/10/10 10:56:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DrvEraser.INI
[2008/10/10 10:39:31 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DRVERASE.INI
[2008/07/14 17:13:53 | 020,308,376 | ---- | C] () -- C:\Program Files\iTunesSetup.exe
[2008/06/27 17:06:47 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kim\Application Data\dvd.bmk
[2008/06/27 17:02:55 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\fusioncache.dat
[2008/04/23 20:31:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Compressor
[2008/04/23 20:31:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kim\Application Data\Command Line Utility
[2008/03/28 13:35:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/03/28 11:39:03 | 000,000,290 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/03/28 11:21:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
[2008/03/28 11:21:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kim\Application Data\URLs
[2008/03/28 11:21:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/03/28 11:21:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\business-inkjet
[2008/03/28 11:17:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2008/03/28 11:17:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Kim\Application Data\Trumpet Section
[2008/03/28 11:17:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/03/28 11:17:26 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Woodwind
[2008/02/03 17:36:00 | 001,305,088 | ---- | C] () -- C:\Program Files\NF_Movie_Player_211.msi
[2007/11/19 13:47:07 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\SunData.ini
[2007/11/19 13:43:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TTL3.ini
[2007/10/01 08:40:08 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2007/10/01 08:40:08 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsi04f.bin
[2007/08/19 12:11:59 | 000,000,583 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/01/04 15:03:10 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/01/04 15:03:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2007/01/04 15:03:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe
[2007/01/03 20:06:31 | 000,000,711 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/01/03 19:05:51 | 000,000,765 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/01/03 15:16:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/01 22:50:42 | 000,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/01 22:50:42 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\89B80FC176.sys
[2007/01/01 22:37:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\FASTWiz.html
[2007/01/01 20:36:02 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/28 10:30:05 | 000,000,211 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/12/27 19:30:52 | 000,008,526 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 13:43:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/16 13:38:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/16 13:34:24 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/16 13:30:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/16 13:12:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/16 13:11:03 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/13 11:30:10 | 000,668,976 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/09 23:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 003,671,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,451,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,075,698 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >


OTL Extras logfile created on: 1/21/2012 11:06:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.66% Memory free
4.34 Gb Paging File | 3.92 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.83 Gb Total Space | 42.07 Gb Free Space | 28.85% Space Free | Partition Type: NTFS

Computer Name: MAINOFFICE | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Robotics Academy\ROBOTC for MINDSTORMS\RobotC.exe" = C:\Program Files\Robotics Academy\ROBOTC for MINDSTORMS\RobotC.exe:*:Enabled:ROBOTC for MINDSTORMS
"C:\Program Files\AirPrint\airprint.exe" = C:\Program Files\AirPrint\airprint.exe:*:Disabled:AirPrint -- (Apple Inc.)
"C:\Documents and Settings\Naoko\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Naoko\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"G:\IVT_BlueSoleil_8.0.338.0\BlueSoleil 8.0.338.0\install\BlueSoleilCS.exe" = G:\IVT_BlueSoleil_8.0.338.0\BlueSoleil 8.0.338.0\install\BlueSoleilCS.exe:*:Disabled:BlueSoleilCS
"F:\Alex's Documents\iTunes.exe" = F:\Alex's Documents\iTunes.exe:*:Disabled:iTunes
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{19A4B988-DBEE-4AEE-8733-9E622355F70B}" = Bonjour
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B50C858-0C80-49A0-B0D3-A91F5C5F0A9B}" = Apple Mobile Device Support
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{881923C1-D51B-4CF8-A963-946E280DF2DA}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface Service
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Capture NX" = Capture NX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CompuApps DriveEraser" = CompuApps DriveEraser
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.3
"EOS Utility" = Canon Utilities EOS Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RescuePRO-3.0" = RescuePRO 3.2
"Restorer2000 Pro_is1" = Restorer2000 Pro 3.3
"Restorer2000_is1" = Restorer2000 3.3
"SearchAssist" = SearchAssist
"SpeedyPC" = SpeedyPC
"ViewpointMediaPlayer" = Viewpoint Media Player
"VueScan" = VueScan
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2522294198-910829210-3020038387-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2012 3:49:01 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2012 3:49:27 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2012 3:56:16 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2012 2:11:17 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2012 2:11:34 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2012 12:12:59 AM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2012 2:27:38 PM | Computer Name = MAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/21/2012 2:27:39 PM | Computer Name = MAINOFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/21/2012 2:44:29 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2012 2:44:57 PM | Computer Name = MAINOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/21/2012 2:39:06 PM | Computer Name = MAINOFFICE | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 1/21/2012 2:42:38 PM | Computer Name = MAINOFFICE | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 1/21/2012 2:46:50 PM | Computer Name = MAINOFFICE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 1/21/2012 2:46:58 PM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7000
Description = The BlueSoleilCS service failed to start due to the following error:
%%3

Error - 1/21/2012 2:46:58 PM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 1/21/2012 2:49:01 PM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 1/21/2012 2:49:01 PM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1070

Error - 1/21/2012 2:49:01 PM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RSBLKRM2

Error - 1/21/2012 3:15:00 PM | Computer Name = MAINOFFICE | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 1/21/2012 3:15:00 PM | Computer Name = MAINOFFICE | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402


< End of report >


Thank you again for your assistance.

Kimballa

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:02:24 PM

Posted 22 January 2012 - 05:42 AM

Hi kimballa,

It does look like TDSSKiller had one item that was selected to be cured.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 kimballa

kimballa
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 22 January 2012 - 02:46 PM

Hi Agent ST,

Thank you again for your continuing assistance in my PC problems.

When I downloaded ComboFix for the first time, Norton 360 was on, and it detected some threats in the ComboFix file and quarantined it. I disabled Norton, and I was able to download ComboFix this time.

Now I ran the ComboFix. Without thinking too much I disabled Norton only for 15 minutes, so in the middle of ComboFix, I had to disable Norton again, and this time I set it for 5 hours.

ComboFix produced a warning: "You are infected with Rootkit ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason you are unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time."

Then another warning, "Rootkit is detected. Be patient as this may take some moments."

After this warning I had to disable Norton again because of my setting of 15 minutes as I mentioned above.

The above two warnings showed up again in the same sequence, and I clicked "OK" each time.

ComboFix rebooted the system, and started Autoscan without the task bar or icons on the desktop.

ComboFix rebooted the system again, and this time produced the log report as follows:


ComboFix 12-01-21.02 - Kim 01/22/2012 10:18:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2632 [GMT -8:00]
Running from: c:\documents and settings\Kim\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kim\Application Data\PriceGong
c:\documents and settings\Kim\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Kim\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Kim\g2mdlhlpx.exe
c:\documents and settings\Kim\Recent\Thumbs.db
c:\documents and settings\Kim\WINDOWS
c:\program files\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe
c:\windows\$NtUninstallKB54224$
c:\windows\$NtUninstallKB54224$\14214972
c:\windows\$NtUninstallKB54224$\3274838242\@
c:\windows\$NtUninstallKB54224$\3274838242\bckfg.tmp
c:\windows\$NtUninstallKB54224$\3274838242\cfg.ini
c:\windows\$NtUninstallKB54224$\3274838242\Desktop.ini
c:\windows\$NtUninstallKB54224$\3274838242\keywords
c:\windows\$NtUninstallKB54224$\3274838242\kwrd.dll
c:\windows\$NtUninstallKB54224$\3274838242\L\odetmngk
c:\windows\$NtUninstallKB54224$\3274838242\lsflt7.ver
c:\windows\$NtUninstallKB54224$\3274838242\U\00000001.@
c:\windows\$NtUninstallKB54224$\3274838242\U\00000002.@
c:\windows\$NtUninstallKB54224$\3274838242\U\00000004.@
c:\windows\$NtUninstallKB54224$\3274838242\U\80000000.@
c:\windows\$NtUninstallKB54224$\3274838242\U\80000004.@
c:\windows\$NtUninstallKB54224$\3274838242\U\80000032.@
c:\windows\OLD1C3.tmp
c:\windows\OLD1C6.tmp
c:\windows\OLD1C9.tmp
c:\windows\OLD1CC.tmp
c:\windows\system32\service
c:\windows\system32\service\01032009_TIS17_SfFniAU.log
c:\windows\system32\service\01052009_TIS17_SfFniAU.log
c:\windows\system32\service\02062009_TIS17_SfFniAU.log
c:\windows\system32\service\02072010_TIS17_SfFniAU.log
c:\windows\system32\service\03022009_TIS17_SfFniAU.log
c:\windows\system32\service\03032009_TIS17_SfFniAU.log
c:\windows\system32\service\05022009_TIS17_SfFniAU.log
c:\windows\system32\service\07022010_TIS17_SfFniAU.log
c:\windows\system32\service\07032009_TIS17_SfFniAU.log
c:\windows\system32\service\08052009_TIS17_SfFniAU.log
c:\windows\system32\service\08102009_TIS17_SfFniAU.log
c:\windows\system32\service\09082010_TIS17_SfFniAU.log
c:\windows\system32\service\10062010_TIS17_SfFniAU.log
c:\windows\system32\service\10072009_TIS17_SfFniAU.log
c:\windows\system32\service\11012010_TIS17_SfFniAU.log
c:\windows\system32\service\11052009_TIS17_SfFniAU.log
c:\windows\system32\service\11062009_TIS17_SfFniAU.log
c:\windows\system32\service\12012009_TIS17_SfFniAU.log
c:\windows\system32\service\12052009_TIS17_SfFniAU.log
c:\windows\system32\service\12062009_TIS17_SfFniAU.log
c:\windows\system32\service\12082010_TIS17_SfFniAU.log
c:\windows\system32\service\13092010_TIS17_SfFniAU.log
c:\windows\system32\service\14012009_TIS17_SfFniAU.log
c:\windows\system32\service\14082010_TIS17_SfFniAU.log
c:\windows\system32\service\15012009_TIS17_SfFniAU.log
c:\windows\system32\service\15052009_TIS17_SfFniAU.log
c:\windows\system32\service\15062009_TIS17_SfFniAU.log
c:\windows\system32\service\16032009_TIS17_SfFniAU.log
c:\windows\system32\service\16112010_TIS17_SfFniAU.log
c:\windows\system32\service\17062009_TIS17_SfFniAU.log
c:\windows\system32\service\17062010_TIS17_SfFniAU.log
c:\windows\system32\service\17092010_TIS17_SfFniAU.log
c:\windows\system32\service\17122010_TIS17_SfFniAU.log
c:\windows\system32\service\18022009_TIS17_SfFniAU.log
c:\windows\system32\service\18032009_TIS17_SfFniAU.log
c:\windows\system32\service\18032010_TIS17_SfFniAU.log
c:\windows\system32\service\18062009_TIS17_SfFniAU.log
c:\windows\system32\service\19032010_TIS17_SfFniAU.log
c:\windows\system32\service\19052009_TIS17_SfFniAU.log
c:\windows\system32\service\19082009_TIS17_SfFniAU.log
c:\windows\system32\service\19102010_TIS17_SfFniAU.log
c:\windows\system32\service\20052010_TIS17_SfFniAU.log
c:\windows\system32\service\20112009_TIS17_SfFniAU.log
c:\windows\system32\service\21042010_TIS17_SfFniAU.log
c:\windows\system32\service\22012009_TIS17_SfFniAU.log
c:\windows\system32\service\22012010_TIS17_SfFniAU.log
c:\windows\system32\service\22032009_TIS17_SfFniAU.log
c:\windows\system32\service\22082009_TIS17_SfFniAU.log
c:\windows\system32\service\23012009_TIS17_SfFniAU.log
c:\windows\system32\service\23042009_TIS17_SfFniAU.log
c:\windows\system32\service\23092010_TIS17_SfFniAU.log
c:\windows\system32\service\23122009_TIS17_SfFniAU.log
c:\windows\system32\service\25012009_TIS17_SfFniAU.log
c:\windows\system32\service\25022009_TIS17_SfFniAU.log
c:\windows\system32\service\25092010_TIS17_SfFniAU.log
c:\windows\system32\service\26022009_TIS17_SfFniAU.log
c:\windows\system32\service\26052010_TIS17_SfFniAU.log
c:\windows\system32\service\26092009_TIS17_SfFniAU.log
c:\windows\system32\service\28012009_TIS17_SfFniAU.log
c:\windows\system32\service\29122008_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_RSVPADOBEACTIVEFILEMONITOR5.0
-------\Service_Boonty Games
-------\Service_RSVPAdobeActiveFileMonitor5.0
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-04 18:04 . 2012-01-04 18:04 -------- d-----w- c:\documents and settings\Kim\Application Data\Tific
2012-01-04 18:04 . 2012-01-04 18:04 -------- d-----w- c:\documents and settings\Kim\Local Settings\Application Data\Symantec
2011-12-30 19:26 . 2011-12-30 19:27 -------- d-----w- c:\documents and settings\Administrator
2011-12-29 19:48 . 2011-12-29 22:05 -------- d-----w- c:\program files\Symantec
2011-12-29 19:48 . 2011-12-29 22:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-29 19:48 . 2011-12-29 22:05 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-29 19:47 . 2011-12-29 22:40 -------- d-----w- c:\windows\system32\drivers\N360
2011-12-29 19:47 . 2011-12-29 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-29 19:47 . 2011-12-29 19:47 -------- d-----w- c:\program files\Norton 360
2011-12-29 19:47 . 2011-12-29 19:47 -------- d-----w- c:\program files\Windows Sidebar
2011-12-29 19:40 . 2011-12-29 19:40 -------- d-----w- c:\program files\NortonInstaller
2011-12-27 07:23 . 2011-12-27 07:23 -------- d-----w- c:\documents and settings\Kim\Application Data\Malwarebytes
2011-12-27 07:23 . 2011-12-27 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-27 07:23 . 2012-01-03 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-27 07:23 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-21 18:46 . 2004-08-10 18:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-29 17:30 . 2011-11-26 22:30 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-14 00:21 . 2011-12-14 00:21 388096 ----a-r- c:\documents and settings\Kim\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-27 22:08 . 2011-06-27 22:08 2516992 ----a-w- c:\program files\Dse104e.exe
2008-09-20 04:07 . 2008-09-20 04:07 4548042 ----a-w- c:\program files\PDRSETUP.EXE
2008-07-15 01:14 . 2008-07-15 01:13 20308376 ----a-w- c:\program files\iTunesSetup.exe
2008-02-04 01:36 . 2008-02-04 01:36 1305088 -c--a-w- c:\program files\NF_Movie_Player_211.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-21 213936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\AirPrint\\airprint.exe"=
"c:\\Documents and Settings\\Naoko\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [4/6/2010 5:32 PM 20104]
R0 RSBLKRM2;RSBLKRM2;c:\windows\system32\drivers\RSBLKRM2.SYS [6/24/2011 1:50 PM 6170]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [12/29/2011 2:05 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [12/29/2011 2:05 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [12/29/2011 2:05 PM 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 10:51 AM 14336]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [1/4/2007 3:03 PM 70016]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccsvchst.exe [12/29/2011 2:05 PM 130008]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/29/2011 2:05 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/19/2012 6:00 PM 356280]
S3 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [10/7/2010 2:39 PM 234784]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [10/1/2007 8:40 AM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [10/1/2007 8:40 AM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [10/1/2007 8:40 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [10/1/2007 8:40 AM 10368]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [4/6/2010 5:33 PM 25864]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 5:32 PM 23048]
S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [5/29/2011 12:50 PM 81920]
S3 RSBLKM2;RATOC U2SCX USB WDM driver;c:\windows\system32\drivers\RSBLKM2.SYS [6/27/2011 4:19 PM 17785]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [6/27/2011 2:00 PM 11520]
S4 BsMobileCS;BsMobileCS;g:\ivt_bluesoleil_8.0.338.0\BlueSoleil 8.0.338.0\install\BsMobileCS.exe --> g:\ivt_bluesoleil_8.0.338.0\BlueSoleil 8.0.338.0\install\BsMobileCS.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1007Core.job
- c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-30 18:56]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1007UA.job
- c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-30 18:56]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1008Core.job
- c:\documents and settings\Naoko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-21 19:13]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522294198-910829210-3020038387-1008UA.job
- c:\documents and settings\Naoko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-21 19:13]
.
2012-01-22 c:\windows\Tasks\User_Feed_Synchronization-{950393EE-CC74-4A54-B51D-F019E5FCA902}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:58]
.
2012-01-22 c:\windows\Tasks\User_Feed_Synchronization-{D8736EEA-A3C6-4FF0-BEAA-DAFDACDED26C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-78451381.sys
AddRemove-SpeedyPC - c:\documents and settings\Alex\My Documents\Downloads\SpeedyPC\uninst.exe
AddRemove-WinRAR archiver - f:\alex's documents\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Completion time: 2012-01-22 11:06:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 19:05
.
Pre-Run: 44,926,930,944 bytes free
Post-Run: 47,903,494,144 bytes free
.
- - End Of File - - 9EE7B0CD47AB9B52B46C2D8EAB84CBA7


Thank you.

Kimballa

#9 kimballa

  • Topic Starter

Posted 22 January 2012 - 03:26 PM

Hi Agent ST,

After posting the ComboFix report on the forum, I noticed that I now have the Windows Update icon (a yellow shield-looking one) and the speaker icon on the task bar, which we had not seen for a long time. I thought it was kind of a good sign. I attempted to get the latest updates, but it stalled at the first one (the automatic update indicated that it was going to download 21 updates), and I restarted the PC. After the reboot, those two icons are not there anymore.

I tried to open MS Word, but it freezes. Also, when shutting down the PC, Power Meter and DS Agent.exe are unresponsive, so I have to end them in the End Program window. I had this problem before all the fixes.

The PC is still running very slow.

Just to let you know.

Thank you.

Kimballa

#10 SweetTech

    Agent ST

Posted 23 January 2012 - 03:44 AM

Hi Kimballa!

Let me see what these scans find below and then we should have a better idea of where we stand.

Please run this script below:

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    c:\program files\Dse104e.exe
    c:\program files\PDRSETUP.EXE
    c:\program files\iTunesSetup.exe
    c:\program files\NF_Movie_Player_211.msi
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Running aswMBR.exe

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

Edited by SweetTech, 23 January 2012 - 03:47 AM.


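The TDSSKiller log those steps produce is several hundred lines of driver enumeration, so here is an added Python helper (not part of this thread, of TDSSKiller or of the BleepingComputer procedure) that parses the line layouts seen in the log posted later in this thread, confirms from the Mode line that the SigCheck and TDLFS options were on (assumed here to correspond to the two checkboxes above), separates signature-only warnings from any other verdict, and lists driver images that sit outside the Windows directory. SAMPLE_LOG is constructed for the example; the hashes in it are copied from the posted log.

```python
"""Triage helper for TDSSKiller text logs.
Added example for this thread; it is not part of TDSSKiller or of BleepingComputer's
procedure.  Line layouts follow the log posted in this thread; SAMPLE_LOG is constructed."""
import re
from collections import defaultdict

# Every line starts with a timestamp and the id of the thread that wrote it.
_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
_MODE = re.compile(r"^Mode: (.*)$")                          # "Mode: Manual; SigCheck; TDLFS;"
_FILE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")    # "<name> (<md5>) <image path>"
_WARN = re.compile(r"^(\S+) \( (\S+) \) - warning$")         # "<name> ( <verdict> ) - warning"
_DETECT = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")  # "<name> - detected <verdict> (n)"
_OK = re.compile(r"^(\S+) - ok$")                            # "<name> - ok"

# Driver images normally live below the Windows directory; anything elsewhere
# deserves a second look even when the scanner reports "ok".
_EXPECTED_ROOT = "c:\\windows\\"


def parse_tdsskiller_log(text):
    """Return (mode_flags, drivers); drivers maps driver name -> record dict."""
    mode_flags = []
    drivers = defaultdict(lambda: {"md5": None, "path": None,
                                   "status": "unknown", "verdicts": []})
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if (mm := _MODE.match(body)):
            mode_flags = [f.strip() for f in mm.group(1).split(";") if f.strip()]
        elif (mm := _FILE.match(body)):
            rec = drivers[mm.group(1)]
            rec["md5"], rec["path"] = mm.group(2).lower(), mm.group(3)
        elif (mm := _WARN.match(body)):
            rec = drivers[mm.group(1)]
            rec["verdicts"].append(mm.group(2))
            if rec["status"] != "detected":
                rec["status"] = "warning"
        elif (mm := _DETECT.match(body)):
            rec = drivers[mm.group(1)]
            rec["verdicts"].append(mm.group(2))
            rec["status"] = "detected"
        elif (mm := _OK.match(body)):
            rec = drivers[mm.group(1)]
            if rec["status"] == "unknown":
                rec["status"] = "ok"
    return mode_flags, dict(drivers)


def triage(text):
    """Summarise a log the way a helper reading it would: were the requested options
    on, what was flagged, what is merely unsigned, and what sits in an odd place."""
    mode_flags, drivers = parse_tdsskiller_log(text)
    flagged = {n: r for n, r in drivers.items() if r["status"] in ("warning", "detected")}
    # UnsignedFile.Multi.Generic only says the image carries no digital signature;
    # plenty of legitimate OEM drivers trigger it, so keep it apart from other verdicts.
    unsigned_only = sorted(n for n, r in flagged.items()
                           if all(v.startswith("UnsignedFile.") for v in r["verdicts"]))
    return {
        "sigcheck_enabled": "SigCheck" in mode_flags,
        "tdlfs_enabled": "TDLFS" in mode_flags,
        "drivers_seen": len(drivers),
        "unsigned_only": unsigned_only,
        "other_verdicts": sorted(n for n in flagged if n not in unsigned_only),
        "outside_windows_dir": sorted(n for n, r in drivers.items() if r["path"]
                                      and not r["path"].lower().startswith(_EXPECTED_ROOT)),
        # a driver line with no closing verdict usually means the log was cut off
        "unresolved": sorted(n for n, r in drivers.items() if r["status"] == "unknown"),
    }


# Constructed sample in the layout of the log posted in this thread (cut off at the end
# the way a partially pasted log is); the hashes are copied from that posted log.
SAMPLE_LOG = r"""
18:38:13.0720 2632 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:38:24.0189 1328 Mode: Manual; SigCheck; TDLFS;
18:38:24.0611 1328 Abiosdsk - ok
18:38:25.0861 1328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:26.0189 1328 ACPI - ok
18:38:31.0111 1328 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
18:38:31.0111 1328 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0111 1328 ASCTRM - detected UnsignedFile.Multi.Generic (1)
18:38:33.0470 1328 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\Definitions\BHDrvx86.sys
18:38:33.0642 1328 BHDrvx86 - ok
18:39:30.0111 1328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:39:30.0689 1328 Ntfs - ok
18:39:34.0502 1328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the Norton definitions driver lands in outside_windows_dir although it is benign: that check only surfaces where an image lives, it is not a verdict, and the helper still has to judge each entry.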

#11 kimballa

  • Topic Starter

Posted 24 January 2012 - 01:05 AM

Hi Agent ST,

First, I need to tell you that I have Malwarebytes Anti-Malware on the PC, but it is the free version. It does not scan the system automatically, and it does not have an option to turn it off.

I ran OTL, then TDSSKiller. This time I made sure all the threats had the skip option selected. I chose "Continue" and it did not reboot. I scanned again, and it did not reboot either. I gave up and looked for the log. It created two logs because I scanned twice. The log I am posting here is the second one.

Thank you for your continuing assistance.

Kimballa


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\Dse104e.exe moved successfully.
c:\program files\PDRSETUP.EXE moved successfully.
c:\program files\iTunesSetup.exe moved successfully.
c:\program files\NF_Movie_Player_211.msi moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Alex
->Temp folder emptied: 356184503 bytes
->Temporary Internet Files folder emptied: 238415534 bytes
->Java cache emptied: 33480350 bytes
->FireFox cache emptied: 14148531 bytes
->Google Chrome cache emptied: 7709040 bytes
->Apple Safari cache emptied: 17925120 bytes
->Flash cache emptied: 525082 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: Erika
->Temp folder emptied: 272720836 bytes
->Temporary Internet Files folder emptied: 541054 bytes
->Java cache emptied: 85657164 bytes
->FireFox cache emptied: 4277802 bytes
->Google Chrome cache emptied: 1642864 bytes
->Apple Safari cache emptied: 51362816 bytes
->Flash cache emptied: 390923 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 42192 bytes

User: Kim
->Temp folder emptied: 147126854 bytes
->Temporary Internet Files folder emptied: 787571 bytes
->Java cache emptied: 76867728 bytes
->Google Chrome cache emptied: 82418681 bytes
->Flash cache emptied: 42953 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144594 bytes
->Flash cache emptied: 405 bytes

User: Naoko
->Temp folder emptied: 5827920 bytes
->Temporary Internet Files folder emptied: 185923 bytes
->Java cache emptied: 123622337 bytes
->FireFox cache emptied: 4251001 bytes
->Google Chrome cache emptied: 334193657 bytes
->Flash cache emptied: 787458 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 252291 bytes
->Flash cache emptied: 102692 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,776.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Erika
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Kim
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Naoko
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Alex
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Erika
->Java cache emptied: 0 bytes

User: Guest
->Java cache emptied: 0 bytes

User: Kim
->Java cache emptied: 0 bytes

User: LocalService

User: Naoko
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01232012_173118

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_700.dat not found!
File move failed. C:\WINDOWS\temp\T30DebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


18:38:13.0720 2632 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:38:14.0502 2632 ============================================================
18:38:14.0502 2632 Current date / time: 2012/01/23 18:38:14.0502
18:38:14.0502 2632 SystemInfo:
18:38:14.0502 2632
18:38:14.0502 2632 OS Version: 5.1.2600 ServicePack: 3.0
18:38:14.0502 2632 Product type: Workstation
18:38:14.0502 2632 ComputerName: MAINOFFICE
18:38:14.0517 2632 UserName: Kim
18:38:14.0517 2632 Windows directory: C:\WINDOWS
18:38:14.0517 2632 System windows directory: C:\WINDOWS
18:38:14.0517 2632 Processor architecture: Intel x86
18:38:14.0517 2632 Number of processors: 2
18:38:14.0517 2632 Page size: 0x1000
18:38:14.0517 2632 Boot type: Normal boot
18:38:14.0517 2632 ============================================================
18:38:15.0720 2632 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:38:15.0783 2632 Initialize success
18:38:24.0189 1328 ============================================================
18:38:24.0189 1328 Scan started
18:38:24.0189 1328 Mode: Manual; SigCheck; TDLFS;
18:38:24.0189 1328 ============================================================
18:38:24.0611 1328 Abiosdsk - ok
18:38:24.0720 1328 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:38:25.0736 1328 abp480n5 - ok
18:38:25.0861 1328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:26.0189 1328 ACPI - ok
18:38:26.0283 1328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:38:26.0470 1328 ACPIEC - ok
18:38:26.0548 1328 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:38:26.0783 1328 adpu160m - ok
18:38:26.0892 1328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:38:27.0236 1328 aec - ok
18:38:27.0330 1328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:38:27.0408 1328 AFD - ok
18:38:27.0502 1328 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:38:27.0627 1328 agp440 - ok
18:38:27.0720 1328 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:38:27.0877 1328 agpCPQ - ok
18:38:27.0939 1328 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:38:28.0017 1328 Aha154x - ok
18:38:28.0111 1328 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:38:28.0455 1328 aic78u2 - ok
18:38:28.0502 1328 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:38:28.0798 1328 aic78xx - ok
18:38:28.0892 1328 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:38:29.0173 1328 AliIde - ok
18:38:29.0236 1328 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:38:29.0517 1328 alim1541 - ok
18:38:29.0595 1328 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:38:29.0923 1328 amdagp - ok
18:38:29.0986 1328 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:38:30.0142 1328 amsint - ok
18:38:30.0267 1328 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:38:30.0517 1328 asc - ok
18:38:30.0611 1328 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:38:30.0736 1328 asc3350p - ok
18:38:30.0845 1328 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:38:31.0033 1328 asc3550 - ok
18:38:31.0111 1328 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
18:38:31.0111 1328 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0111 1328 ASCTRM - detected UnsignedFile.Multi.Generic (1)
18:38:31.0236 1328 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
18:38:31.0283 1328 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0283 1328 Aspi32 - detected UnsignedFile.Multi.Generic (1)
18:38:31.0314 1328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:38:31.0798 1328 AsyncMac - ok
18:38:31.0877 1328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:38:32.0127 1328 atapi - ok
18:38:32.0142 1328 Atdisk - ok
18:38:32.0220 1328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:38:32.0548 1328 Atmarpc - ok
18:38:32.0642 1328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:38:32.0908 1328 audstub - ok
18:38:32.0986 1328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:38:33.0267 1328 Beep - ok
18:38:33.0470 1328 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys
18:38:33.0642 1328 BHDrvx86 - ok
18:38:33.0752 1328 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
18:38:34.0017 1328 brfilt - ok
18:38:34.0095 1328 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
18:38:34.0173 1328 BrScnUsb - ok
18:38:34.0205 1328 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
18:38:34.0252 1328 BrSerIf - ok
18:38:34.0314 1328 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
18:38:34.0455 1328 BrSerWDM - ok
18:38:34.0533 1328 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
18:38:34.0767 1328 BrUsbMdm - ok
18:38:34.0845 1328 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
18:38:35.0127 1328 BrUsbScn - ok
18:38:35.0189 1328 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
18:38:35.0252 1328 BrUsbSer - ok
18:38:35.0283 1328 BT - ok
18:38:35.0314 1328 BTCOM - ok
18:38:35.0361 1328 BTCOMBUS - ok
18:38:35.0408 1328 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
18:38:35.0658 1328 BthEnum - ok
18:38:35.0767 1328 BtHidBus (da9e15e55c33392d7dfd7f21116214be) C:\WINDOWS\system32\Drivers\BtHidBus.sys
18:38:35.0783 1328 BtHidBus - ok
18:38:35.0845 1328 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
18:38:36.0111 1328 BthPan - ok
18:38:36.0189 1328 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
18:38:36.0267 1328 BTHPORT - ok
18:38:36.0392 1328 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
18:38:36.0752 1328 BTHUSB - ok
18:38:36.0845 1328 btnetBUs (7bb8ac22bc9e6a1e7707daecada95cd9) C:\WINDOWS\system32\Drivers\btnetBus.sys
18:38:36.0892 1328 btnetBUs - ok
18:38:36.0923 1328 catchme - ok
18:38:36.0986 1328 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:38:37.0220 1328 cbidf - ok
18:38:37.0283 1328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:38:37.0595 1328 cbidf2k - ok
18:38:37.0658 1328 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:38:37.0814 1328 cd20xrnt - ok
18:38:37.0892 1328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:38:38.0345 1328 Cdaudio - ok
18:38:38.0423 1328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:38:38.0892 1328 Cdfs - ok
18:38:38.0955 1328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:38:39.0783 1328 Cdrom - ok
18:38:39.0877 1328 Changer - ok
18:38:39.0986 1328 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:38:40.0267 1328 CmdIde - ok
18:38:40.0361 1328 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:38:40.0689 1328 Cpqarray - ok
18:38:40.0814 1328 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:38:41.0580 1328 dac2w2k - ok
18:38:41.0705 1328 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:38:42.0173 1328 dac960nt - ok
18:38:42.0252 1328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:38:42.0548 1328 Disk - ok
18:38:42.0627 1328 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:38:42.0658 1328 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
18:38:42.0658 1328 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
18:38:42.0720 1328 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:38:42.0752 1328 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
18:38:42.0767 1328 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
18:38:42.0830 1328 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
18:38:42.0861 1328 DLADResN ( UnsignedFile.Multi.Generic ) - warning
18:38:42.0861 1328 DLADResN - detected UnsignedFile.Multi.Generic (1)
18:38:42.0892 1328 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:38:42.0955 1328 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
18:38:42.0970 1328 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
18:38:43.0048 1328 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:38:43.0158 1328 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
18:38:43.0158 1328 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
18:38:43.0205 1328 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:38:43.0220 1328 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
18:38:43.0220 1328 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
18:38:43.0236 1328 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
18:38:43.0267 1328 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
18:38:43.0267 1328 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
18:38:43.0330 1328 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:38:43.0392 1328 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
18:38:43.0392 1328 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
18:38:43.0455 1328 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:38:43.0517 1328 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
18:38:43.0517 1328 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
18:38:43.0705 1328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:38:44.0345 1328 dmboot - ok
18:38:44.0470 1328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:38:45.0002 1328 dmio - ok
18:38:45.0095 1328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:38:46.0048 1328 dmload - ok
18:38:46.0158 1328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:38:46.0986 1328 DMusic - ok
18:38:47.0236 1328 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:38:48.0095 1328 dpti2o - ok
18:38:48.0158 1328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:38:49.0158 1328 drmkaud - ok
18:38:49.0283 1328 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:38:49.0361 1328 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
18:38:49.0361 1328 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
18:38:49.0517 1328 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:38:49.0564 1328 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
18:38:49.0564 1328 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
18:38:49.0673 1328 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
18:38:49.0736 1328 DSproct ( UnsignedFile.Multi.Generic ) - warning
18:38:49.0736 1328 DSproct - detected UnsignedFile.Multi.Generic (1)
18:38:49.0845 1328 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:38:50.0111 1328 E100B - ok
18:38:50.0252 1328 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:38:50.0330 1328 e1express - ok
18:38:50.0470 1328 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:38:50.0611 1328 eeCtrl - ok
18:38:50.0673 1328 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:38:50.0861 1328 EraserUtilRebootDrv - ok
18:38:51.0080 1328 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
18:38:51.0236 1328 FANTOM ( UnsignedFile.Multi.Generic ) - warning
18:38:51.0236 1328 FANTOM - detected UnsignedFile.Multi.Generic (1)
18:38:51.0361 1328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:38:52.0314 1328 Fastfat - ok
18:38:52.0423 1328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:38:52.0798 1328 Fdc - ok
18:38:52.0877 1328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:38:53.0127 1328 Fips - ok
18:38:53.0173 1328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:38:54.0173 1328 Flpydisk - ok
18:38:54.0252 1328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:38:54.0923 1328 FltMgr - ok
18:38:55.0048 1328 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
18:38:56.0095 1328 FsVga - ok
18:38:56.0189 1328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:38:56.0783 1328 Fs_Rec - ok
18:38:56.0892 1328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:38:57.0345 1328 Ftdisk - ok
18:38:57.0470 1328 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:38:57.0548 1328 GEARAspiWDM - ok
18:38:57.0627 1328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:38:57.0986 1328 Gpc - ok
18:38:58.0111 1328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:38:58.0830 1328 HDAudBus - ok
18:38:58.0955 1328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:38:59.0423 1328 HidUsb - ok
18:38:59.0548 1328 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:39:00.0752 1328 hpn - ok
18:39:00.0845 1328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:39:01.0173 1328 HTTP - ok
18:39:01.0283 1328 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:39:02.0392 1328 i2omgmt - ok
18:39:02.0455 1328 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:39:02.0658 1328 i2omp - ok
18:39:02.0705 1328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:39:03.0439 1328 i8042prt - ok
18:39:03.0533 1328 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
18:39:03.0720 1328 iaStor - ok
18:39:03.0923 1328 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSxpx86.sys
18:39:04.0048 1328 IDSxpx86 - ok
18:39:04.0158 1328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:39:04.0752 1328 Imapi - ok
18:39:04.0861 1328 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:39:05.0455 1328 ini910u - ok
18:39:05.0595 1328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:39:06.0392 1328 IntelIde - ok
18:39:06.0486 1328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:39:07.0533 1328 intelppm - ok
18:39:07.0595 1328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:39:08.0486 1328 Ip6Fw - ok
18:39:08.0611 1328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:39:09.0080 1328 IpFilterDriver - ok
18:39:09.0142 1328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:39:09.0673 1328 IpInIp - ok
18:39:09.0736 1328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:39:10.0173 1328 IpNat - ok
18:39:10.0314 1328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:39:10.0923 1328 IPSec - ok
18:39:11.0033 1328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:39:11.0455 1328 IRENUM - ok
18:39:11.0548 1328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:39:11.0861 1328 isapnp - ok
18:39:11.0939 1328 IvtBtBUs (132eb047e3f94dc9eab83c74e8c2e85a) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
18:39:11.0986 1328 IvtBtBUs - ok
18:39:12.0095 1328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:39:12.0970 1328 Kbdclass - ok
18:39:13.0080 1328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:39:13.0767 1328 kbdhid - ok
18:39:13.0830 1328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:39:14.0517 1328 kmixer - ok
18:39:14.0595 1328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:39:14.0642 1328 KSecDD - ok
18:39:14.0814 1328 lbrtfdc - ok
18:39:14.0908 1328 LxrSII1d (db7f488269290a8c1907602b7f4c213d) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
18:39:14.0923 1328 LxrSII1d ( UnsignedFile.Multi.Generic ) - warning
18:39:14.0923 1328 LxrSII1d - detected UnsignedFile.Multi.Generic (1)
18:39:15.0017 1328 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
18:39:15.0298 1328 mf - ok
18:39:15.0361 1328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:39:15.0736 1328 mnmdd - ok
18:39:15.0814 1328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:39:16.0189 1328 Modem - ok
18:39:16.0252 1328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:39:16.0439 1328 Mouclass - ok
18:39:16.0564 1328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:39:17.0423 1328 mouhid - ok
18:39:17.0533 1328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:39:18.0158 1328 MountMgr - ok
18:39:18.0252 1328 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:39:18.0502 1328 mraid35x - ok
18:39:18.0627 1328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:39:19.0330 1328 MRxDAV - ok
18:39:19.0455 1328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:39:19.0689 1328 MRxSmb - ok
18:39:19.0798 1328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:39:20.0580 1328 Msfs - ok
18:39:20.0798 1328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:39:21.0298 1328 MSKSSRV - ok
18:39:21.0533 1328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:39:21.0939 1328 MSPCLOCK - ok
18:39:22.0095 1328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:39:22.0861 1328 MSPQM - ok
18:39:23.0002 1328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:39:23.0533 1328 mssmbios - ok
18:39:23.0658 1328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:39:23.0736 1328 Mup - ok
18:39:23.0814 1328 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
18:39:24.0111 1328 MXOPSWD - ok
18:39:24.0252 1328 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:39:24.0283 1328 NAL ( UnsignedFile.Multi.Generic ) - warning
18:39:24.0283 1328 NAL - detected UnsignedFile.Multi.Generic (1)
18:39:24.0705 1328 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120123.002\NAVENG.SYS
18:39:24.0798 1328 NAVENG - ok
18:39:25.0080 1328 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120123.002\NAVEX15.SYS
18:39:25.0330 1328 NAVEX15 - ok
18:39:25.0455 1328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:39:25.0861 1328 NDIS - ok
18:39:25.0986 1328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:39:26.0236 1328 NdisTapi - ok
18:39:26.0330 1328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:39:26.0877 1328 Ndisuio - ok
18:39:26.0986 1328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:39:27.0423 1328 NdisWan - ok
18:39:27.0533 1328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:39:27.0798 1328 NDProxy - ok
18:39:27.0908 1328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:39:28.0455 1328 NetBIOS - ok
18:39:28.0627 1328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:39:29.0236 1328 NetBT - ok
18:39:29.0377 1328 NmPar (2497646e228c3e9e50ed3137e25ea9be) C:\WINDOWS\system32\DRIVERS\NmPar.sys
18:39:29.0470 1328 NmPar - ok
18:39:29.0548 1328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:39:29.0908 1328 Npfs - ok
18:39:30.0017 1328 npkcrypt - ok
18:39:30.0111 1328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:39:30.0689 1328 Ntfs - ok
18:39:30.0798 1328 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:39:30.0892 1328 NuidFltr - ok
18:39:30.0970 1328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:39:31.0267 1328 Null - ok
18:39:31.0611 1328 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:39:32.0189 1328 nv - ok
18:39:32.0330 1328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:39:33.0236 1328 NwlnkFlt - ok
18:39:33.0330 1328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:39:34.0111 1328 NwlnkFwd - ok
18:39:34.0252 1328 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
18:39:34.0345 1328 PalmUSBD - ok
18:39:34.0502 1328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:39:35.0173 1328 Parport - ok
18:39:35.0298 1328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:39:35.0595 1328 PartMgr - ok
18:39:35.0673 1328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:39:36.0095 1328 ParVdm - ok
18:39:36.0173 1328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:39:36.0689 1328 PCI - ok
18:39:36.0752 1328 PCIDump - ok
18:39:36.0861 1328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:39:37.0548 1328 PCIIde - ok
18:39:37.0689 1328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:39:38.0127 1328 Pcmcia - ok
18:39:38.0252 1328 PDCOMP - ok
18:39:38.0283 1328 PDFRAME - ok
18:39:38.0314 1328 PDRELI - ok
18:39:38.0392 1328 PDRFRAME - ok
18:39:38.0455 1328 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:39:39.0517 1328 perc2 - ok
18:39:39.0642 1328 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:39:39.0955 1328 perc2hib - ok
18:39:40.0205 1328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:39:40.0752 1328 PptpMiniport - ok
18:39:40.0861 1328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:39:41.0205 1328 PSched - ok
18:39:41.0283 1328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:39:42.0455 1328 Ptilink - ok
18:39:42.0580 1328 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:39:42.0611 1328 PxHelp20 - ok
18:39:42.0658 1328 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:39:42.0892 1328 ql1080 - ok
18:39:42.0986 1328 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:39:43.0173 1328 Ql10wnt - ok
18:39:43.0283 1328 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:39:43.0517 1328 ql12160 - ok
18:39:43.0564 1328 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:39:43.0767 1328 ql1240 - ok
18:39:43.0845 1328 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:39:44.0173 1328 ql1280 - ok
18:39:44.0236 1328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:39:44.0455 1328 RasAcd - ok
18:39:44.0502 1328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:39:44.0798 1328 Rasl2tp - ok
18:39:44.0877 1328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:39:45.0298 1328 RasPppoe - ok
18:39:45.0392 1328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:39:45.0736 1328 Raspti - ok
18:39:45.0830 1328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:39:46.0048 1328 Rdbss - ok
18:39:46.0095 1328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:39:46.0439 1328 RDPCDD - ok
18:39:46.0533 1328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:39:46.0783 1328 rdpdr - ok
18:39:46.0861 1328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:39:46.0892 1328 RDPWD - ok
18:39:46.0970 1328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:39:47.0205 1328 redbook - ok
18:39:47.0267 1328 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
18:39:47.0502 1328 RFCOMM - ok
18:39:47.0627 1328 RSBLKM2 (26eb0049b96122f9b2052acb0817f097) C:\WINDOWS\system32\DRIVERS\RSBLKM2.SYS
18:39:47.0658 1328 RSBLKM2 ( UnsignedFile.Multi.Generic ) - warning
18:39:47.0658 1328 RSBLKM2 - detected UnsignedFile.Multi.Generic (1)
18:39:47.0705 1328 RSBLKRM2 (efcda04316baa1548fb1e07f636653ea) C:\WINDOWS\system32\DRIVERS\rsblkrm2.sys
18:39:47.0705 1328 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - warning
18:39:47.0705 1328 RSBLKRM2 - detected UnsignedFile.Multi.Generic (1)
18:39:47.0908 1328 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
18:39:48.0048 1328 scsiscan - ok
18:39:48.0173 1328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:39:48.0236 1328 Secdrv - ok
18:39:48.0330 1328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:39:48.0439 1328 serenum - ok
18:39:48.0533 1328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:39:48.0783 1328 Serial - ok
18:39:48.0877 1328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:39:49.0205 1328 Sfloppy - ok
18:39:49.0252 1328 Simbad - ok
18:39:49.0345 1328 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:39:49.0642 1328 sisagp - ok
18:39:49.0673 1328 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:39:49.0798 1328 Sparrow - ok
18:39:49.0861 1328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:39:50.0142 1328 splitter - ok
18:39:50.0236 1328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:39:50.0345 1328 sr - ok
18:39:50.0423 1328 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
18:39:50.0455 1328 SRTSP - ok
18:39:50.0502 1328 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
18:39:50.0548 1328 SRTSPX - ok
18:39:50.0627 1328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:39:50.0673 1328 Srv - ok
18:39:50.0767 1328 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
18:39:50.0908 1328 STHDA - ok
18:39:51.0017 1328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:39:51.0267 1328 swenum - ok
18:39:51.0330 1328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:39:51.0642 1328 swmidi - ok
18:39:51.0720 1328 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:39:52.0111 1328 symc810 - ok
18:39:52.0158 1328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:39:52.0408 1328 symc8xx - ok
18:39:52.0533 1328 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
18:39:52.0595 1328 SymDS - ok
18:39:52.0689 1328 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
18:39:52.0736 1328 SymEFA - ok
18:39:52.0798 1328 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:39:52.0830 1328 SymEvent - ok
18:39:52.0908 1328 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
18:39:52.0939 1328 SymIRON - ok
18:39:53.0064 1328 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
18:39:53.0095 1328 SYMTDI - ok
18:39:53.0142 1328 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:39:53.0314 1328 sym_hi - ok
18:39:53.0392 1328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:39:53.0658 1328 sym_u3 - ok
18:39:53.0736 1328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:39:54.0048 1328 sysaudio - ok
18:39:54.0173 1328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:39:54.0236 1328 Tcpip - ok
18:39:54.0298 1328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:39:54.0548 1328 TDPIPE - ok
18:39:54.0627 1328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:39:54.0923 1328 TDTCP - ok
18:39:55.0002 1328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:39:55.0173 1328 TermDD - ok
18:39:55.0283 1328 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:39:55.0611 1328 TosIde - ok
18:39:55.0720 1328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:39:55.0892 1328 Udfs - ok
18:39:55.0955 1328 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:39:56.0111 1328 ultra - ok
18:39:56.0158 1328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:39:56.0408 1328 Update - ok
18:39:56.0517 1328 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:39:56.0595 1328 USBAAPL - ok
18:39:56.0658 1328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:39:56.0923 1328 usbccgp - ok
18:39:57.0048 1328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:39:57.0361 1328 usbehci - ok
18:39:57.0455 1328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:39:57.0673 1328 usbhub - ok
18:39:57.0814 1328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:39:58.0064 1328 usbprint - ok
18:39:58.0158 1328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:39:58.0345 1328 usbscan - ok
18:39:58.0439 1328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.sys
18:39:58.0783 1328 USBSTOR - ok
18:39:58.0892 1328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:39:59.0189 1328 usbuhci - ok
18:39:59.0298 1328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:39:59.0673 1328 VgaSave - ok
18:39:59.0783 1328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:39:59.0955 1328 viaagp - ok
18:40:00.0048 1328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:40:00.0189 1328 ViaIde - ok
18:40:00.0252 1328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:40:00.0595 1328 VolSnap - ok
18:40:00.0705 1328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:40:01.0048 1328 Wanarp - ok
18:40:01.0095 1328 wanatw - ok
18:40:01.0173 1328 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:40:01.0252 1328 Wdf01000 - ok
18:40:01.0298 1328 WDICA - ok
18:40:01.0345 1328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:40:01.0564 1328 wdmaud - ok
18:40:01.0814 1328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:40:01.0877 1328 WpdUsb - ok
18:40:01.0908 1328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:40:02.0095 1328 WS2IFSL - ok
18:40:02.0205 1328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:40:02.0298 1328 WudfPf - ok
18:40:02.0361 1328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:40:02.0439 1328 WudfRd - ok
18:40:02.0548 1328 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
18:40:02.0673 1328 \Device\Harddisk0\DR0 - ok
18:40:02.0720 1328 Boot (0x1200) (b605ccf43f6ee29c0938b99fb0bc3227) \Device\Harddisk0\DR0\Partition0
18:40:02.0736 1328 \Device\Harddisk0\DR0\Partition0 - ok
18:40:02.0736 1328 ============================================================
18:40:02.0736 1328 Scan finished
18:40:02.0736 1328 ============================================================
18:40:02.0877 3496 Detected object count: 19
18:40:02.0877 3496 Actual detected object count: 19
18:44:25.0642 3496 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0642 3496 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0642 3496 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0642 3496 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0642 3496 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0642 3496 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0642 3496 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0642 3496 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0673 3496 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0673 3496 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0673 3496 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0673 3496 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0689 3496 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0689 3496 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0689 3496 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0689 3496 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0705 3496 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0705 3496 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0720 3496 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0720 3496 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0736 3496 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0736 3496 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0752 3496 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0752 3496 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0767 3496 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0767 3496 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0767 3496 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0767 3496 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0767 3496 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0767 3496 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0814 3496 LxrSII1d ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0814 3496 LxrSII1d ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0845 3496 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0845 3496 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0877 3496 RSBLKM2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0877 3496 RSBLKM2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0908 3496 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0908 3496 RSBLKRM2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:06.0455 2884 Deinitialize success

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 19:30:35
-----------------------------
19:30:35.252 OS Version: Windows 5.1.2600 Service Pack 3
19:30:35.252 Number of processors: 2 586 0xF06
19:30:35.267 ComputerName: MAINOFFICE UserName: Kim
19:30:38.923 Initialize success
19:33:30.142 AVAST engine defs: 12012301
19:33:35.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:33:35.095 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
19:33:35.111 Disk 0 MBR read successfully
19:33:35.111 Disk 0 MBR scan
19:33:35.236 Disk 0 unknown MBR code
19:33:35.236 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
19:33:35.298 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149330 MB offset 96390
19:33:35.330 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3208 MB offset 305925795
19:33:35.361 Disk 0 scanning sectors +312496380
19:33:35.470 Disk 0 scanning C:\WINDOWS\system32\drivers
19:34:46.830 Service scanning
19:34:54.345 Modules scanning
19:35:05.095 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:35:07.080 Disk 0 trace - called modules:
19:35:07.095 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:35:07.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2f4680]
19:35:07.111 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b2c8030]
19:35:08.048 AVAST engine scan C:\WINDOWS
19:36:03.127 AVAST engine scan C:\WINDOWS\system32
19:45:07.783 AVAST engine scan C:\WINDOWS\system32\drivers
19:46:31.439 AVAST engine scan C:\Documents and Settings\Kim
20:46:03.502 AVAST engine scan C:\Documents and Settings\All Users
21:04:13.080 Scan finished successfully
21:05:41.783 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kim\Desktop\MBR.dat"
21:05:41.783 The log file has been saved successfully to "C:\Documents and Settings\Kim\Desktop\aswMBR.txt"
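The TDSSKiller log above records every loaded driver with its MD5 and path, marks drivers without a valid digital signature as UnsignedFile.Multi.Generic, and then lists which of the 19 detected objects the user chose to skip. The Python below is an added example, not code from this thread, from Kaspersky's tool or from BleepingComputer: it parses log lines in that format (the sample is a constructed excerpt of lines from the log above, with the "Detected object count" line adjusted to match the excerpt) and pairs each flagged object with the hash and path from its file line, so the parsed detections can be checked against the tool's own summary and the hashes looked up on VirusTotal, as the next post asks for one of these files. UnsignedFile.Multi.Generic only says the file carries no valid signature; it is not by itself a malware verdict, which is why the triage output carries hash and path rather than a conclusion.

```python
import re
from collections import OrderedDict

# Constructed sample: an excerpt of lines in the TDSSKiller log format seen in
# this thread, with "Detected object count" adjusted to match the excerpt.
SAMPLE_LOG = r"""
18:39:24.0252 1328 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:39:24.0283 1328 NAL ( UnsignedFile.Multi.Generic ) - warning
18:39:24.0283 1328 NAL - detected UnsignedFile.Multi.Generic (1)
18:39:25.0455 1328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:39:25.0861 1328 NDIS - ok
18:39:47.0627 1328 RSBLKM2 (26eb0049b96122f9b2052acb0817f097) C:\WINDOWS\system32\DRIVERS\RSBLKM2.SYS
18:39:47.0658 1328 RSBLKM2 ( UnsignedFile.Multi.Generic ) - warning
18:39:47.0658 1328 RSBLKM2 - detected UnsignedFile.Multi.Generic (1)
18:40:02.0548 1328 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
18:40:02.0673 1328 \Device\Harddisk0\DR0 - ok
18:40:02.0877 3496 Detected object count: 2
18:44:25.0845 3496 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0845 3496 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:25.0877 3496 RSBLKM2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:25.0877 3496 RSBLKM2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and the id of the thread that wrote it.
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "NAME (md5) PATH"; the MBR/boot-sector lines carry an extra "(0x1B8)" size field.
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+(?:\(0x[0-9A-Fa-f]+\)\s+)?"
                     r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "NAME - detected VERDICT (n)"
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "NAME ( VERDICT ) - warning | skipped by user | User select action: ACTION"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
                        r"(?:warning|skipped by user|User select action: (?P<action>\S+))$")
# "NAME - ok"
OK_RE = re.compile(PREFIX + r"(?P<name>.+) - ok$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def _new_entry():
    return {"md5": None, "path": None, "verdict": None, "action": None, "status": None}


def parse_tdsskiller_log(text):
    """Parse TDSSKiller log text into (objects, reported_count).

    objects maps each scanned object name to its md5, path, verdict (None when
    the tool reported it clean), the user's chosen action, and scan status."""
    objects = OrderedDict()
    reported_count = None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entry = objects.setdefault(m["name"], _new_entry())
            entry["md5"], entry["path"] = m["md5"], m["path"]
            continue
        m = DETECTED_RE.match(line) or VERDICT_RE.match(line)
        if m:
            entry = objects.setdefault(m["name"], _new_entry())
            entry["verdict"] = m["verdict"]
            if m.groupdict().get("action"):      # only the "User select action" lines
                entry["action"] = m["action"]
            continue
        m = OK_RE.match(line)
        if m and m["name"] in objects:
            objects[m["name"]]["status"] = "ok"
            continue
        m = COUNT_RE.match(line)
        if m:
            reported_count = int(m["n"])
    return objects, reported_count


def detections(objects):
    """Only the objects the tool flagged (a verdict is present)."""
    return OrderedDict((n, o) for n, o in objects.items() if o["verdict"])


def count_matches(objects, reported_count):
    """True when the parsed detections agree with the tool's own summary line."""
    return reported_count is not None and len(detections(objects)) == reported_count


def triage_lines(objects):
    """One line per flagged object with what a hash lookup needs.

    A '?' for md5 or path means the verdict had no matching file line,
    which itself deserves a look."""
    out = []
    for name, o in detections(objects).items():
        out.append(f"{name}: {o['verdict']} action={o['action'] or 'none'} "
                   f"md5={o['md5'] or '?'} path={o['path'] or '?'}")
    return out


if __name__ == "__main__":
    objs, reported = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"reported {reported}, parsed {len(detections(objs))}, "
          f"consistent={count_matches(objs, reported)}")
    for line in triage_lines(objs):
        print(line)
```

Run against a full TDSSKiller log file by reading it into `parse_tdsskiller_log` instead of `SAMPLE_LOG`; a mismatch between the parsed detections and the tool's reported count means either a line format the regexes do not cover or a truncated log, and either is worth noticing before drawing conclusions from the list.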

#12 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:24 PM

Posted 24 January 2012 - 03:05 AM

Hi Kimballa!

First, I need to tell you that I have Malwarebytes Anti-Malware on the PC, but it is the free version. It does not scan the system automatically, and it does not have an option to turn off.

That's fine. That tidbit was for users I work with who have the Pro version or Trial version, as it can cause the system to hang when running the script.

Thank you for your continuing assistance.

You are welcome. :)

Can you please upload this file to VirusTotal for me?

C:\WINDOWS\System32\DLA\DLADResN.SYS

I realize the image and instructions below may be a bit different than what you'll see when you visit VirusTotal, but please try your best to upload the file using them.

I still haven't gotten around to updating them yet.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: C:\WINDOWS\System32\DLA\DLADResN.SYS
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please post the results in your next reply

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 kimballa

  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:24 AM

Posted 24 January 2012 - 01:45 PM

Hi Agent ST,

I am currently uploading the file to Virus Total, and it has been three hours since I clicked "Send File". Is it normal?

Also, last time when I shut down the PC, the Windows updates started. I was assuming that it would end the process and the PC would be turned off. Seven hours later the PC was still downloading the updates, and the status is still 1 of 19. As I previously mentioned, I had not seen Windows Updates download for a long time.

Just to let you know.

Thank you.

Kimballa

#14 kimballa

  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:24 AM

Posted 24 January 2012 - 11:23 PM

It has been more than 12 hours, and it still is uploading. What should I do?

#15 kimballa

  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:24 AM

Posted 24 January 2012 - 11:55 PM

Hi Agent ST,

After more than 12 hours of uploading, I gave up and closed the uploading window. Then the window said it had been analyzed, so I chose reanalyze, and the results appeared. There was no Compact button, nor a BBCode tab. I copied the screen and pasted it here.

Thank you for your assistance.

Kimballa


SHA256: 25b18fef62395abb1eb4c17d81d9eb31759f6c5dbaa5cdb192949055d69e3071
Detection ratio: 0 / 43
Analysis date: 2012-01-25 04:43:38 UTC ( 0 minutes ago )


Antivirus Result Update
AhnLab-V3 - 20120122
AntiVir - 20120123
Antiy-AVL - 20120121
Avast - 20120123
AVG - 20120123
BitDefender - 20120123
ByteHero - 20120123
CAT-QuickHeal - 20120123
ClamAV - 20120123
Commtouch - 20120123
Comodo - 20120123
DrWeb - 20120124
Emsisoft - 20120123
eSafe - 20120123
eTrust-Vet - 20120123
F-Prot - 20120123
F-Secure - 20120123
Fortinet - 20120124
GData - 20120123
Ikarus - 20120123
Jiangmin - 20120123
K7AntiVirus - 20120123
Kaspersky - 20120124
McAfee - 20120121
McAfee-GW-Edition- 20120124
Microsoft - 20120123
NOD32 - 20120123
Norman - 20120123
nProtect - 20120123
Panda - 20120123
PCTools - 20120123
Prevx - 20120125
Rising - 20120118
Sophos - 20120123
SUPERAntiSpyware- 20120123
Symantec - 20120124
TheHacker - 20120123
TrendMicro - 20120123
TrendMicro-HouseCall- 20120124
VBA32 - 20120123
VIPRE - 20120123
ViRobot - 20120123
VirusBuster - 20120123


ssdeep file piecewise hash
48:67ouQd4a3el4bdc0L+EALglo/AAkON2hKwARHnE:6HMl3e30SEKgl/cN1wh
TrID file type information
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ExifTool file metadata
SubsystemVersion.........: 4.0
InitializedDataSize......: 1280
BuildName................: TFSREL5x
ImageVersion.............: 4.0
FileVersionNumber........: 5.20.8.0
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 6.0
MIMEType.................: application/octet-stream
Subsystem................: Native
FileVersion..............: 5.20.08a
TimeStamp................: 2005:09:08 17:32:10+01:00
FileType.................: Win32 EXE
PEType...................: PE32
FileDescription..........: Drive Letter Access Component
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright 2004 Sonic Solutions
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Sonic Solutions
CodeSize.................: 384
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.1
EntryPoint...............: 0x035b
ObjectFileType...........: Dynamic link library
Sigcheck digital signature information
publisher................: Sonic Solutions
copyright................: Copyright © 2004 Sonic Solutions
file version.............: 5.20.08a
description..............: Drive Letter Access Component
Portable Executable structural information
Compilation timedatestamp.....: 2005-09-08 16:32:10
Target machine................: 332
Entry point address...........: 0x0000035B

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 768 244 256 5.27 406f5fecf3d894e2a6e9f7eb5a2d3dda
.rdata 1024 44 64 1.52 9037c1cf9e46b3259544283d8aceea87
.data 1088 308 320 4.18 954236571c88e8ded7ee1cbe1c5ab0b8
.edata 1408 75 96 3.07 928f4fec04b08947d3b022da2499390b
INIT 1504 122 128 3.41 785a43c870286f1a8264753e9e008a47
.rsrc 1632 688 704 3.09 a8fc0f57ef3fe119a08613a0f178abeb
.reloc 2336 72 96 3.58 5cca03dc1c176d066aba51f094fb2e22

PE Imports....................:

DLARTL_N.SYS
SetSystemProperty, GetSystemProperty, mbstowcs


PE Exports....................:

L, o, a, d, S, t, r, i, n, g, W
First seen by VirusTotal
2007-11-15 01:05:06 UTC ( 4 years, 2 months ago )
Last seen by VirusTotal
2012-01-25 04:43:38 UTC ( 1 minute ago )
File names (max. 25)
DLADResN.SYS
DLADResN.SYS
6630E183C0C24817091200192F703E00B79BCD14.sys
DLADResN.SYS
DLADResN.sys
DPYWEESLEW-547.pms.sys.SVD



