
Cycbot backdoor, Tidserv activity, others


  • This topic is locked
39 replies to this topic

#1 howard sprague jr

  • Members
  • 22 posts

Posted 10 February 2012 - 09:24 AM

Hi,
I am on XP. I am getting messages from symantec icon saying System Infected: Cycbot Backdoor Activity 4, or System Infected: Tidserv Activity.
Also getting message saying Traffic from IP so and so has been blocked. Also saw a couple of Web Attack: JRE Trusted Method messages -
they went away before I could get the whole message.
Symantec AV protection and Proactive Threat Protection are off and I can't turn them on.
In Symantec risk log there are 3 infostealers - deleted, and 1 trojan.zeroaccess!kmem - not deleted.
Other symptoms are I periodically hear that ding you hear when a pop up box pops up, but there is no pop up.
And computer will start running incredibly slowly, but at times it is OK. And if I put computer on stand by it will not come back up. I have to turn off then back on.
In other words, I got dumped on.

Help greatly appreciated.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Paul at 1:01:54 on 2012-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1610 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uInternet Connection Wizard,ShellNext = hxxp://www.daz3d.com/i.x/software/studio/-/sreg?regid=116B988CB00FF4A81257B210BB56E0D9&s=W
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
StartupFolder: c:\docume~1\paul\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259021722343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{17A8ADBC-5311-40BC-AD31-ADA70130B135} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\paul\application data\mozilla\firefox\profiles\zlzkuuyo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wmich.edu/library
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52889
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\paul\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\animeeple\npanimeep.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-7 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120207.020\NAVENG.SYS [2012-2-7 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120207.020\NAVEX15.SYS [2012-2-7 1576312]
S0 cerc6;cerc6; [x]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-5-9 2240944]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
.
=============== Created Last 30 ================
.
2012-02-08 02:05:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 02:05:06 -------- d-----w- c:\program files\38E3A
2012-02-08 02:04:42 -------- d-----w- c:\documents and settings\paul\application data\44B38
2012-02-08 02:04:32 -------- d-----w- c:\program files\LP
2012-02-08 02:04:32 -------- d-----w- c:\documents and settings\paul\local settings\application data\SanctionedMedia
2012-01-15 21:01:08 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-15 21:01:08 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-15 21:01:08 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-15 21:01:08 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2011-12-12 03:01:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 1:04:48.51 ===============



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 February 2012 - 06:31 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under Additional options, put a check mark in the box next to Detect TDLFS File System
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 howard sprague jr
  • Topic Starter

  • Members
  • 22 posts

Posted 10 February 2012 - 10:25 PM

Hi CatByte
Thank you for the prompt response.
Couple of questions though - TDSSKiller found 1 malware object (high risk) and 1 suspicious object (medium risk). Not sure if the high risk object should be cured, or if it is just for "Malicious" objects.
And, the log you are asking for - is this the DDS log?

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 February 2012 - 11:05 PM

Hi,

I'm looking for the TDSSKiller log and then the ComboFix log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 howard sprague jr
  • Topic Starter

  • Members
  • 22 posts

Posted 11 February 2012 - 02:29 AM

Things seem OK, at least I can turn on Symantec.

TDSS LOG

01:08:19.0421 2444 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
01:08:20.0000 2444 ============================================================
01:08:20.0000 2444 Current date / time: 2012/02/11 01:08:20.0000
01:08:20.0000 2444 SystemInfo:
01:08:20.0000 2444
01:08:20.0000 2444 OS Version: 5.1.2600 ServicePack: 3.0
01:08:20.0000 2444 Product type: Workstation
01:08:20.0000 2444 ComputerName: D2J5BZK1
01:08:20.0000 2444 UserName: Paul
01:08:20.0000 2444 Windows directory: C:\WINDOWS
01:08:20.0000 2444 System windows directory: C:\WINDOWS
01:08:20.0000 2444 Processor architecture: Intel x86
01:08:20.0000 2444 Number of processors: 2
01:08:20.0000 2444 Page size: 0x1000
01:08:20.0000 2444 Boot type: Normal boot
01:08:20.0000 2444 ============================================================
01:08:22.0187 2444 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
01:08:22.0187 2444 \Device\Harddisk0\DR0:
01:08:22.0187 2444 MBR used
01:08:22.0187 2444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129DDD72
01:08:22.0234 2444 Initialize success
01:08:22.0234 2444 ============================================================
01:08:31.0125 0748 ============================================================
01:08:31.0125 0748 Scan started
01:08:31.0125 0748 Mode: Manual; TDLFS;
01:08:31.0125 0748 ============================================================
01:08:32.0000 0748 Abiosdsk - ok
01:08:32.0125 0748 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:08:32.0140 0748 abp480n5 - ok
01:08:32.0265 0748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:08:32.0265 0748 ACPI - ok
01:08:32.0437 0748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:08:32.0437 0748 ACPIEC - ok
01:08:32.0593 0748 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:08:32.0593 0748 adpu160m - ok
01:08:32.0875 0748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:08:32.0875 0748 aec - ok
01:08:33.0156 0748 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
01:08:33.0156 0748 Afc - ok
01:08:33.0312 0748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:08:33.0312 0748 AFD - ok
01:08:33.0375 0748 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:08:33.0375 0748 agp440 - ok
01:08:33.0453 0748 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:08:33.0453 0748 agpCPQ - ok
01:08:33.0578 0748 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:08:33.0593 0748 Aha154x - ok
01:08:33.0640 0748 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:08:33.0640 0748 aic78u2 - ok
01:08:33.0750 0748 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:08:33.0750 0748 aic78xx - ok
01:08:34.0015 0748 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
01:08:34.0015 0748 AliIde - ok
01:08:34.0140 0748 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:08:34.0140 0748 alim1541 - ok
01:08:34.0265 0748 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:08:34.0265 0748 amdagp - ok
01:08:34.0312 0748 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
01:08:34.0312 0748 AmdK8 - ok
01:08:34.0421 0748 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
01:08:34.0437 0748 amsint - ok
01:08:34.0500 0748 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
01:08:34.0515 0748 APL531 - ok
01:08:34.0625 0748 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
01:08:34.0625 0748 asc - ok
01:08:34.0703 0748 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:08:34.0703 0748 asc3350p - ok
01:08:34.0781 0748 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:08:34.0796 0748 asc3550 - ok
01:08:35.0046 0748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:08:35.0046 0748 AsyncMac - ok
01:08:35.0171 0748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:08:35.0171 0748 atapi - ok
01:08:35.0265 0748 Atdisk - ok
01:08:35.0328 0748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:08:35.0328 0748 Atmarpc - ok
01:08:35.0484 0748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:08:35.0484 0748 audstub - ok
01:08:35.0562 0748 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
01:08:35.0562 0748 b57w2k - ok
01:08:35.0656 0748 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
01:08:35.0656 0748 BASFND - ok
01:08:35.0765 0748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:08:35.0765 0748 Beep - ok
01:08:35.0843 0748 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:08:35.0843 0748 cbidf - ok
01:08:35.0859 0748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:08:35.0859 0748 cbidf2k - ok
01:08:35.0890 0748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:08:35.0890 0748 CCDECODE - ok
01:08:36.0031 0748 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:08:36.0031 0748 cd20xrnt - ok
01:08:36.0140 0748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:08:36.0140 0748 Cdaudio - ok
01:08:36.0250 0748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:08:36.0250 0748 Cdfs - ok
01:08:36.0421 0748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:08:36.0421 0748 Cdrom - ok
01:08:36.0500 0748 cerc6 - ok
01:08:36.0546 0748 Changer - ok
01:08:36.0765 0748 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:08:36.0765 0748 CmdIde - ok
01:08:36.0843 0748 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
01:08:36.0843 0748 COH_Mon - ok
01:08:37.0000 0748 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:08:37.0000 0748 Cpqarray - ok
01:08:37.0062 0748 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:08:37.0062 0748 dac2w2k - ok
01:08:37.0140 0748 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:08:37.0140 0748 dac960nt - ok
01:08:37.0218 0748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:08:37.0234 0748 Disk - ok
01:08:37.0328 0748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:08:37.0328 0748 dmboot - ok
01:08:37.0390 0748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
01:08:37.0390 0748 dmio - ok
01:08:37.0437 0748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:08:37.0437 0748 dmload - ok
01:08:37.0593 0748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:08:37.0593 0748 DMusic - ok
01:08:37.0781 0748 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:08:37.0781 0748 dpti2o - ok
01:08:37.0859 0748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:08:37.0859 0748 drmkaud - ok
01:08:38.0031 0748 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
01:08:38.0031 0748 eeCtrl - ok
01:08:38.0078 0748 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:08:38.0078 0748 EraserUtilRebootDrv - ok
01:08:38.0234 0748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:08:38.0234 0748 Fastfat - ok
01:08:38.0375 0748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:08:38.0375 0748 Fdc - ok
01:08:38.0421 0748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:08:38.0421 0748 Fips - ok
01:08:38.0562 0748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:08:38.0562 0748 Flpydisk - ok
01:08:38.0656 0748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:08:38.0656 0748 FltMgr - ok
01:08:38.0812 0748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:08:38.0812 0748 Fs_Rec - ok
01:08:38.0906 0748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:08:38.0906 0748 Ftdisk - ok
01:08:38.0968 0748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:08:38.0968 0748 Gpc - ok
01:08:39.0046 0748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:08:39.0046 0748 HDAudBus - ok
01:08:39.0140 0748 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:08:39.0140 0748 hidusb - ok
01:08:39.0265 0748 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
01:08:39.0265 0748 hpn - ok
01:08:39.0375 0748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:08:39.0375 0748 HTTP - ok
01:08:39.0453 0748 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:08:39.0453 0748 i2omgmt - ok
01:08:39.0484 0748 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
01:08:39.0484 0748 i2omp - ok
01:08:39.0703 0748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:08:39.0703 0748 Imapi - ok
01:08:39.0812 0748 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
01:08:39.0812 0748 ini910u - ok
01:08:40.0031 0748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:08:40.0031 0748 IntelIde - ok
01:08:40.0140 0748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:08:40.0156 0748 intelppm - ok
01:08:40.0218 0748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:08:40.0218 0748 Ip6Fw - ok
01:08:40.0328 0748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:08:40.0328 0748 IpFilterDriver - ok
01:08:40.0390 0748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:08:40.0390 0748 IpInIp - ok
01:08:40.0484 0748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:08:40.0484 0748 IpNat - ok
01:08:40.0546 0748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:08:40.0546 0748 IPSec - ok
01:08:40.0640 0748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:08:40.0640 0748 IRENUM - ok
01:08:40.0765 0748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:08:40.0765 0748 isapnp - ok
01:08:40.0796 0748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:08:40.0796 0748 Kbdclass - ok
01:08:40.0875 0748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:08:40.0875 0748 kbdhid - ok
01:08:40.0953 0748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:08:40.0953 0748 kmixer - ok
01:08:41.0093 0748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:08:41.0093 0748 KSecDD - ok
01:08:41.0265 0748 lbrtfdc - ok
01:08:41.0531 0748 MBAMSwissArmy - ok
01:08:41.0640 0748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:08:41.0640 0748 mnmdd - ok
01:08:41.0734 0748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:08:41.0734 0748 Modem - ok
01:08:41.0843 0748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:08:41.0843 0748 Mouclass - ok
01:08:41.0937 0748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:08:41.0937 0748 mouhid - ok
01:08:41.0984 0748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:08:41.0984 0748 MountMgr - ok
01:08:42.0015 0748 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
01:08:42.0015 0748 mraid35x - ok
01:08:42.0062 0748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:08:42.0062 0748 MRxDAV - ok
01:08:42.0171 0748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:08:42.0187 0748 MRxSmb - ok
01:08:42.0359 0748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:08:42.0359 0748 Msfs - ok
01:08:42.0531 0748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:08:42.0531 0748 MSKSSRV - ok
01:08:42.0562 0748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:08:42.0562 0748 MSPCLOCK - ok
01:08:42.0625 0748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:08:42.0625 0748 MSPQM - ok
01:08:42.0734 0748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:08:42.0734 0748 mssmbios - ok
01:08:42.0781 0748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:08:42.0781 0748 MSTEE - ok
01:08:42.0796 0748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:08:42.0812 0748 Mup - ok
01:08:42.0828 0748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:08:42.0828 0748 NABTSFEC - ok
01:08:42.0953 0748 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120207.020\NAVENG.SYS
01:08:42.0953 0748 NAVENG - ok
01:08:43.0000 0748 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120207.020\NAVEX15.SYS
01:08:43.0015 0748 NAVEX15 - ok
01:08:43.0125 0748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:08:43.0125 0748 NDIS - ok
01:08:43.0187 0748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:08:43.0187 0748 NdisIP - ok
01:08:43.0234 0748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:08:43.0234 0748 NdisTapi - ok
01:08:43.0312 0748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:08:43.0312 0748 Ndisuio - ok
01:08:43.0312 0748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:08:43.0328 0748 NdisWan - ok
01:08:43.0359 0748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:08:43.0359 0748 NDProxy - ok
01:08:43.0375 0748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:08:43.0375 0748 NetBIOS - ok
01:08:43.0421 0748 NetBT (08b906f2fbf600d42930da51a1cd7388) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:08:43.0421 0748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 08b906f2fbf600d42930da51a1cd7388, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
01:08:43.0421 0748 NetBT ( Virus.Win32.ZAccess.aml ) - infected
01:08:43.0421 0748 NetBT - detected Virus.Win32.ZAccess.aml (0)
01:08:43.0437 0748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:08:43.0437 0748 Npfs - ok
01:08:43.0500 0748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:08:43.0500 0748 Ntfs - ok
01:08:43.0546 0748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:08:43.0546 0748 Null - ok
01:08:43.0718 0748 nv (a1129753f45b79e29cb0766713087d4e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:08:43.0765 0748 nv - ok
01:08:43.0890 0748 nvatabus (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\drivers\nvatabus.sys
01:08:43.0890 0748 nvatabus - ok
01:08:43.0921 0748 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
01:08:43.0921 0748 nvgts - ok
01:08:43.0937 0748 nvraid (3f98f15fca7420396bd2b1aa205c7247) C:\WINDOWS\system32\drivers\nvraid.sys
01:08:43.0937 0748 nvraid - ok
01:08:44.0000 0748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:08:44.0000 0748 NwlnkFlt - ok
01:08:44.0046 0748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:08:44.0046 0748 NwlnkFwd - ok
01:08:44.0109 0748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:08:44.0109 0748 Parport - ok
01:08:44.0125 0748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:08:44.0125 0748 PartMgr - ok
01:08:44.0156 0748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:08:44.0156 0748 ParVdm - ok
01:08:44.0187 0748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:08:44.0187 0748 PCI - ok
01:08:44.0203 0748 PCIDump - ok
01:08:44.0218 0748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:08:44.0218 0748 PCIIde - ok
01:08:44.0265 0748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:08:44.0265 0748 Pcmcia - ok
01:08:44.0281 0748 PDCOMP - ok
01:08:44.0281 0748 PDFRAME - ok
01:08:44.0296 0748 PDRELI - ok
01:08:44.0296 0748 PDRFRAME - ok
01:08:44.0328 0748 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
01:08:44.0328 0748 perc2 - ok
01:08:44.0359 0748 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
01:08:44.0359 0748 perc2hib - ok
01:08:44.0375 0748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:08:44.0390 0748 PptpMiniport - ok
01:08:44.0406 0748 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
01:08:44.0406 0748 Processor - ok
01:08:44.0453 0748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:08:44.0453 0748 PSched - ok
01:08:44.0484 0748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:08:44.0484 0748 Ptilink - ok
01:08:44.0546 0748 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:08:44.0546 0748 PxHelp20 - ok
01:08:44.0593 0748 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
01:08:44.0593 0748 ql1080 - ok
01:08:44.0625 0748 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
01:08:44.0625 0748 Ql10wnt - ok
01:08:44.0671 0748 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
01:08:44.0671 0748 ql12160 - ok
01:08:44.0734 0748 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
01:08:44.0734 0748 ql1240 - ok
01:08:44.0781 0748 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
01:08:44.0781 0748 ql1280 - ok
01:08:44.0812 0748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:08:44.0812 0748 RasAcd - ok
01:08:44.0859 0748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:08:44.0859 0748 Rasl2tp - ok
01:08:44.0875 0748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:08:44.0875 0748 RasPppoe - ok
01:08:44.0906 0748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:08:44.0906 0748 Raspti - ok
01:08:44.0937 0748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:08:44.0937 0748 Rdbss - ok
01:08:44.0953 0748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:08:44.0953 0748 RDPCDD - ok
01:08:44.0968 0748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:08:44.0968 0748 rdpdr - ok
01:08:45.0015 0748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:08:45.0015 0748 RDPWD - ok
01:08:45.0046 0748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:08:45.0046 0748 redbook - ok
01:08:45.0093 0748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:08:45.0093 0748 Secdrv - ok
01:08:45.0140 0748 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:08:45.0140 0748 Serenum - ok
01:08:45.0187 0748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:08:45.0203 0748 Serial - ok
01:08:45.0234 0748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:08:45.0234 0748 Sfloppy - ok
01:08:45.0250 0748 Simbad - ok
01:08:45.0296 0748 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
01:08:45.0296 0748 sisagp - ok
01:08:45.0359 0748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:08:45.0359 0748 SLIP - ok
01:08:45.0390 0748 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
01:08:45.0390 0748 Sparrow - ok
01:08:45.0500 0748 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
01:08:45.0500 0748 SPBBCDrv - ok
01:08:45.0562 0748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:08:45.0562 0748 splitter - ok
01:08:45.0609 0748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:08:45.0609 0748 sr - ok
01:08:45.0640 0748 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS
01:08:45.0640 0748 SRTSP - ok
01:08:45.0671 0748 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
01:08:45.0671 0748 SRTSPL - ok
01:08:45.0703 0748 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
01:08:45.0703 0748 SRTSPX - ok
01:08:45.0734 0748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:08:45.0734 0748 Srv - ok
01:08:45.0812 0748 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
01:08:45.0812 0748 STHDA - ok
01:08:45.0859 0748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:08:45.0859 0748 streamip - ok
01:08:45.0921 0748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:08:45.0921 0748 swenum - ok
01:08:45.0984 0748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:08:45.0984 0748 swmidi - ok
01:08:46.0031 0748 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
01:08:46.0031 0748 symc810 - ok
01:08:46.0062 0748 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
01:08:46.0062 0748 symc8xx - ok
01:08:46.0125 0748 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
01:08:46.0125 0748 SymEvent - ok
01:08:46.0187 0748 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
01:08:46.0187 0748 SYMREDRV - ok
01:08:46.0218 0748 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
01:08:46.0218 0748 SYMTDI - ok
01:08:46.0265 0748 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
01:08:46.0265 0748 sym_hi - ok
01:08:46.0296 0748 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
01:08:46.0296 0748 sym_u3 - ok
01:08:46.0359 0748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:08:46.0359 0748 sysaudio - ok
01:08:46.0406 0748 SysPlant (47e40b633e93f5b8d4e16b60cb972c7b) C:\WINDOWS\system32\Drivers\SysPlant.sys
01:08:46.0406 0748 SysPlant - ok
01:08:46.0468 0748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:08:46.0468 0748 Tcpip - ok
01:08:46.0515 0748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:08:46.0515 0748 TDPIPE - ok
01:08:46.0546 0748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:08:46.0546 0748 TDTCP - ok
01:08:46.0593 0748 Teefer2 (94fb26d72326851e914b9fd988e1aa47) C:\WINDOWS\system32\DRIVERS\teefer2.sys
01:08:46.0593 0748 Teefer2 - ok
01:08:46.0625 0748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:08:46.0625 0748 TermDD - ok
01:08:46.0656 0748 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
01:08:46.0656 0748 TosIde - ok
01:08:46.0687 0748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:08:46.0687 0748 Udfs - ok
01:08:46.0734 0748 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
01:08:46.0734 0748 ultra - ok
01:08:46.0765 0748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:08:46.0765 0748 Update - ok
01:08:46.0812 0748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:08:46.0812 0748 usbccgp - ok
01:08:46.0859 0748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:08:46.0859 0748 usbehci - ok
01:08:46.0890 0748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:08:46.0890 0748 usbhub - ok
01:08:46.0921 0748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
01:08:46.0921 0748 usbohci - ok
01:08:46.0953 0748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:08:46.0953 0748 USBSTOR - ok
01:08:46.0968 0748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:08:46.0968 0748 usbuhci - ok
01:08:47.0000 0748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:08:47.0000 0748 VgaSave - ok
01:08:47.0031 0748 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:08:47.0031 0748 viaagp - ok
01:08:47.0078 0748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
01:08:47.0078 0748 ViaIde - ok
01:08:47.0109 0748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:08:47.0109 0748 VolSnap - ok
01:08:47.0140 0748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:08:47.0140 0748 Wanarp - ok
01:08:47.0140 0748 WDICA - ok
01:08:47.0187 0748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:08:47.0187 0748 wdmaud - ok
01:08:47.0265 0748 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:08:47.0265 0748 WpdUsb - ok
01:08:47.0296 0748 WPS (b0c73e3c023e4014866966a615d7db5e) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
01:08:47.0296 0748 WPS - ok
01:08:47.0328 0748 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
01:08:47.0328 0748 WpsHelper - ok
01:08:47.0375 0748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:08:47.0375 0748 WSTCODEC - ok
01:08:47.0390 0748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:08:47.0390 0748 WudfPf - ok
01:08:47.0421 0748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:08:47.0421 0748 WudfRd - ok
01:08:47.0453 0748 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:08:47.0515 0748 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:08:47.0515 0748 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:08:47.0531 0748 Boot (0x1200) (a87f46538e71e70aa51f1ee124125ea5) \Device\Harddisk0\DR0\Partition0
01:08:47.0531 0748 \Device\Harddisk0\DR0\Partition0 - ok
01:08:47.0531 0748 ============================================================
01:08:47.0531 0748 Scan finished
01:08:47.0531 0748 ============================================================
01:08:47.0531 2388 Detected object count: 2
01:08:47.0531 2388 Actual detected object count: 2
01:09:06.0828 2388 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
01:09:08.0828 2388 Backup copy found, using it..
01:09:08.0890 2388 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
01:09:10.0828 2388 NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Cure
01:09:10.0828 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:09:10.0828 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
01:09:22.0000 0288 Deinitialize success


COMBOFIX

ComboFix 12-02-10.03 - Paul 02/11/2012 1:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2798 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\LP
c:\program files\LP\93E4\57A.tmp
c:\windows\$NtUninstallKB46$\1269123979\@
c:\windows\$NtUninstallKB46$\1269123979\cfg.ini
c:\windows\$NtUninstallKB46$\1269123979\Desktop.ini
c:\windows\$NtUninstallKB46$\1269123979\L\hzzfmgjn
c:\windows\$NtUninstallKB46$\1269123979\oemid
c:\windows\$NtUninstallKB46$\1269123979\U\00000001.@
c:\windows\$NtUninstallKB46$\1269123979\U\00000002.@
c:\windows\$NtUninstallKB46$\1269123979\U\00000004.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000000.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000004.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000032.@
c:\windows\$NtUninstallKB46$\1269123979\version
c:\windows\$NtUninstallKB46$\3001093703
c:\windows\system32\office.exe
c:\windows\system32\rnaph.dll
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\$NtUninstallKB46$\1269123979\cfg.ini . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 06:34 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-11 06:09 . 2012-02-11 06:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 04:41 . 2012-02-08 04:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-08 02:05 . 2012-02-11 06:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 02:05 . 2012-02-08 02:05 -------- d-----w- c:\program files\38E3A
2012-02-08 02:04 . 2012-02-08 02:04 -------- d-----w- c:\documents and settings\Paul\Application Data\44B38
2012-02-08 02:04 . 2012-02-08 02:04 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\SanctionedMedia
2012-01-15 21:01 . 2012-01-15 21:01 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-15 21:01 . 2012-01-15 21:01 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-15 21:01 . 2012-01-15 21:01 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-15 21:01 . 2012-01-15 21:01 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 03:01 . 2011-05-29 21:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-10-20 00:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-13 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-13 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-13 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-13 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-08-25 00:28 . 2011-08-25 00:28 294712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-01-15 21:01 . 2011-05-08 00:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-27 13529088]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SigmatelSysTrayApp"="stsystra.exe" [2007-12-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/7/2012 9:01 PM 106104]
S0 cerc6;cerc6; [x]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
googledesktopmanager
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.daz3d.com/i.x/software/studio/-/sreg?regid=116B988CB00FF4A81257B210BB56E0D9&s=W
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wmich.edu/library
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52889
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
SafeBoot-68327165.sys
SafeBoot-Symantec Antvirus
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 02:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB46$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5388)
c:\windows\system32\WININET.dll
c:\documents and settings\Paul\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-02-11 02:24:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 07:24
.
Pre-Run: 62,573,670,400 bytes free
Post-Run: 63,639,474,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F657F13EB430E5B6658C176902FD906

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 February 2012 - 08:41 AM

Hi,

Please re-run TDSSKiller.

When it reaches these entries:

01:09:10.0828 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:09:10.0828 2388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Please choose to "delete"


NEXT




Now please re-run ComboFix with the following script:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\windows\$NtUninstallKB46$\1269123979
c:\program files\38E3A
c:\documents and settings\Paul\Application Data\44B38
c:\windows\$NtUninstallKB46$

FCopy::
c:\windows\system32\dllcache\i8042prt.sys | c:\windows\system32\drivers\i8042prt.sys 

DDS::
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download

FireFox::
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52889
FF - prefs.js: network.proxy.type - 4

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Image: screenshot showing CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 howard sprague jr

  • Topic Starter
  • Members
  • 22 posts

Posted 11 February 2012 - 10:04 AM

I ran TDSS once without changing parameters and once with "detect TDLFS file system", and I didn't see the entries you listed. Should I go ahead and do ComboFix?

Here is TDSS log

09:57:38.0062 3100 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:57:38.0437 3100 ============================================================
09:57:38.0437 3100 Current date / time: 2012/02/11 09:57:38.0437
09:57:38.0437 3100 SystemInfo:
09:57:38.0437 3100
09:57:38.0437 3100 OS Version: 5.1.2600 ServicePack: 3.0
09:57:38.0437 3100 Product type: Workstation
09:57:38.0437 3100 ComputerName: D2J5BZK1
09:57:38.0437 3100 UserName: Paul
09:57:38.0437 3100 Windows directory: C:\WINDOWS
09:57:38.0437 3100 System windows directory: C:\WINDOWS
09:57:38.0437 3100 Processor architecture: Intel x86
09:57:38.0437 3100 Number of processors: 2
09:57:38.0437 3100 Page size: 0x1000
09:57:38.0437 3100 Boot type: Normal boot
09:57:38.0437 3100 ============================================================
09:57:38.0625 3100 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:57:38.0625 3100 \Device\Harddisk0\DR0:
09:57:38.0625 3100 MBR used
09:57:38.0625 3100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129DDD72
09:57:38.0687 3100 Initialize success
09:57:38.0687 3100 ============================================================
09:57:52.0421 2408 ============================================================
09:57:52.0421 2408 Scan started
09:57:52.0421 2408 Mode: Manual; TDLFS;
09:57:52.0421 2408 ============================================================
09:57:56.0968 2408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\tskF.tmp
09:57:56.0968 2408 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tskF.tmp. md5: 74b2b2f5bea5e9a3dc021d685551bd3d
09:58:00.0515 2408 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:58:00.0625 2408 \Device\Harddisk0\DR0 - ok
09:58:00.0625 2408 Boot (0x1200) (a87f46538e71e70aa51f1ee124125ea5) \Device\Harddisk0\DR0\Partition0
09:58:00.0625 2408 \Device\Harddisk0\DR0\Partition0 - ok
09:58:00.0625 2408 ============================================================
09:58:00.0625 2408 Scan finished
09:58:00.0625 2408 ============================================================
09:58:00.0640 1732 Detected object count: 0
09:58:00.0640 1732 Actual detected object count: 0
09:58:06.0046 3020 Deinitialize success

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 February 2012 - 03:01 PM

Hi,

Yes please, it looks as though TDSSKiller did look after it after all.

Please run ComboFix.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 howard sprague jr

  • Topic Starter
  • Members
  • 22 posts

Posted 11 February 2012 - 04:01 PM

ComboFix 12-02-10.03 - Paul 02/11/2012 15:37:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2572 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\Application Data\44B38
c:\documents and settings\Paul\Application Data\44B38\8E3A.4B3
c:\program files\38E3A
c:\windows\$NtUninstallKB46$\1269123979\@
c:\windows\$NtUninstallKB46$\1269123979\cfg.ini
c:\windows\$NtUninstallKB46$\1269123979\Desktop.ini
c:\windows\$NtUninstallKB46$\1269123979\L\hzzfmgjn
c:\windows\$NtUninstallKB46$\1269123979\oemid
c:\windows\$NtUninstallKB46$\1269123979\U\00000001.@
c:\windows\$NtUninstallKB46$\1269123979\U\00000002.@
c:\windows\$NtUninstallKB46$\1269123979\U\00000004.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000000.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000004.@
c:\windows\$NtUninstallKB46$\1269123979\U\80000032.@
c:\windows\$NtUninstallKB46$\1269123979\version
c:\windows\$NtUninstallKB46$\3872004075
c:\windows\$NtUninstallKB46$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\system32\dllcache\afd.sys
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 20:46 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-11 20:46 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-11 06:09 . 2012-02-11 14:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 04:41 . 2012-02-08 04:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-08 02:05 . 2012-02-11 20:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 02:04 . 2012-02-08 02:04 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\SanctionedMedia
2012-01-15 21:01 . 2012-01-15 21:01 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-15 21:01 . 2012-01-15 21:01 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-15 21:01 . 2012-01-15 21:01 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-15 21:01 . 2012-01-15 21:01 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 18:57 . 2008-04-13 23:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-12 03:01 . 2011-05-29 21:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-10-20 00:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-13 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-13 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-13 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-13 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-08-25 00:28 . 2011-08-25 00:28 294712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-01-15 21:01 . 2011-05-08 00:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_07.17.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-11 20:51 . 2012-02-11 20:51 16384 c:\windows\Temp\Perflib_Perfdata_2a8.dat
+ 2012-02-11 14:49 . 2012-02-11 14:49 3947520 c:\windows\Installer\363c5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-27 13529088]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SigmatelSysTrayApp"="stsystra.exe" [2007-12-02 282624]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/7/2012 9:01 PM 106104]
S0 cerc6;cerc6; [x]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 12:55 PM 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
googledesktopmanager
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.daz3d.com/i.x/software/studio/-/sreg?regid=116B988CB00FF4A81257B210BB56E0D9&s=W
LSP: mswsock.dll
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wmich.edu/library
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-06219725.sys
SafeBoot-08622362.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB46$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *U**``*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\documents and settings\Paul\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-02-11 15:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 20:57
ComboFix2.txt 2012-02-11 07:24
.
Pre-Run: 63,293,513,728 bytes free
Post-Run: 63,527,919,616 bytes free
.
- - End Of File - - A307AC7A1EA3EE75E191876BB3AD98E4

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:31 PM

Posted 11 February 2012 - 04:55 PM

Hi

Please do the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    %SYSTEMDRIVE%\i8042prt.* /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

Edited by CatByte, 12 February 2012 - 12:21 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
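OTL's report format is regular enough to triage by script rather than by eye. The Python below is an added example of my own, not code from this thread, from OldTimer's OTL or from BleepingComputer. It parses the PRC/SRV/DRV/MOD, O2/O4, O10 and NetSvcs line shapes OTL emits and flags the things a malware-response helper looks for first: an image that could not be found, an entry with no company name in its version info, a Winsock catalog DLL that did not resolve, and a svchost-hosted netsvcs DLL from a non-Microsoft publisher. The sample log is constructed to mirror the format; the vendor and file names in it are made up.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example: my code, not the thread's, OldTimer's or BleepingComputer's.
It recognises the line shapes OTL emits (PRC/SRV/DRV/MOD entries, O2/O4
items, O10 Winsock catalog entries, NetSvcs) and applies a few review
heuristics.  Every hit is a prompt for a human to look, not a verdict.
The sample log at the bottom is constructed to mirror the format.
"""
import re
from typing import List, Optional, Tuple

# PRC/SRV/DRV/MOD lines: [stamp | size | attrs | M] (Company) [state] -- path -- (name)
META_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|\]]+ \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]+)\))?$"
)
# Same kinds when OTL could not resolve the image: "DRV - File not found [...] -- -- (name)"
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - File not found(?: \[(?P<state>[^\]]+)\])? -- -- \((?P<name>[^)]+)\)$"
)
# Winsock layered-service-provider catalog entries
LSP_RE = re.compile(
    r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) - (?P<dll>\S+)(?P<status> File not found)?$"
)
# svchost-hosted service names from the netsvcs group
NETSVCS_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$")
# "path (Company)" tail used by NetSvcs, O2, O3 and O4 lines
PATH_CO_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
OLINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*) \((?P<company>[^()]*)\)$")

Finding = Tuple[str, str]  # (rule, detail)


def parse_line(line: str) -> Optional[Finding]:
    """Return (rule, detail) when a line trips a heuristic, else None."""
    line = line.rstrip()

    m = MISSING_RE.match(line)
    if m:
        # A running driver or service whose image cannot be resolved is the
        # first thing a reviewer checks.  GMER's 'catchme' driver, loaded by
        # ComboFix, is a benign entry of exactly this shape.
        return ("missing-file", f"{m['kind']} {m['name']}: image path not found")

    m = META_RE.match(line)
    if m:
        if not m["company"].strip():
            return ("no-publisher", f"{m['kind']} {m['path']}: no company name in version info")
        return None

    m = NETSVCS_RE.match(line)
    if m:
        if m["rest"] == "File not found":
            # Names in the default XP netsvcs list (6to4, Ias, Iprip, ...)
            # with no installed service are normal; nothing to flag.
            return None
        pm = PATH_CO_RE.match(m["rest"])
        if pm and pm["company"].strip().lower() != "microsoft corporation":
            # netsvcs DLLs are loaded inside svchost.exe, so a non-Microsoft
            # publisher here deserves a look at the file itself.
            return ("netsvcs-non-microsoft", f"NetSvcs {m['name']} -> {pm['path']} ({pm['company']})")
        return None

    m = LSP_RE.match(line)
    if m:
        if m["status"]:
            return ("lsp-unresolved", f"Winsock catalog entry {m['idx']} -> {m['dll']} not resolved")
        return None

    m = OLINE_RE.match(line)
    if m and not m["company"].strip():
        return ("no-publisher", f"{m['kind']} {m['body']}: no company name")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run parse_line over a whole OTL log and collect the hits in order."""
    return [hit for hit in map(parse_line, log_text.splitlines()) if hit]


# Constructed sample modelled on OTL output; vendor and file names are made up.
SAMPLE_LOG = r"""
PRC - [2012/02/11 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
SRV - [2008/04/13 18:00:00 | 000,005,632 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\WINDOWS\system32\examplesvc.dll -- (examplemanager)
DRV - File not found [Kernel | System | Running] -- -- (AFD)
DRV - [2008/01/17 17:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
O2 - BHO: (Example Toolbar) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\exampletoolbar\helper.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
NetSvcs: 6to4 - File not found
NetSvcs: examplemanager - C:\WINDOWS\system32\examplesvc.dll (Example Vendor Inc.)
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Hits are review prompts, not verdicts: OTL reports "File not found" both for default XP netsvcs names that have no installed service and for GMER's catchme driver after a ComboFix run, so the rules deliberately skip the former and leave the latter for the reader to recognise. The heuristics are deliberately conservative; a reviewer still checks each flagged file's hash and signature before deciding anything.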


#11 howard sprague jr

howard sprague jr
  • Topic Starter

  • Members
  • 22 posts
  • Local time:03:31 PM

Posted 12 February 2012 - 12:20 PM

OK, sorry for delay in responding but computer totally messed up now.
Ran OTL and tried to post logs but could not go through, said unable to connect to server. Everything else worked online for me so figured it was on your end. Tried rebooting and then computer would not boot up at all. It starts to come up then a blue screen with writing on it flashes on for just a second and then it turns off and tries to boot all over again. What seems to work is if I start in safe mode first it will come up, then if I restart normally it usually works. BUT, I am not able to get on to the internet. Icon says acquiring network address. Also, task bar is now white instead of blue. Volume control icon is gone and the pop up that used to come up saying Windows auto update is off, click this balloon to fix does not come up. Other than those things it works fine except for the things it was doing before (can't turn on Symantec AV, can't put on stand by or hibernate.) I am on a different computer now.
Tried going to system restore but it went to c:/Windows prompt and I don't know what it needs from there. Tried to boot from last configuration that worked but that did not work.
Anyway, for what it's worth, here are the OTL logs.
What to do next?

OTL logfile created on: 2/11/2012 5:43:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.50% Memory free
5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.64% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 59.01 Gb Free Space | 39.62% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 48.78 Gb Free Space | 16.37% Space Free | Partition Type: NTFS

Computer Name: D2J5BZK1 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/19 09:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/09 16:07:02 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/05/09 16:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 00:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/03/17 16:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/18 14:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/05/11 23:38:14 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/05/09 16:59:02 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/09 16:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/13 18:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\lvprcsrv.dll -- (googledesktopmanager)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/03/17 16:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | System | Running] -- -- (AFD)
DRV - [2012/02/03 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/14 11:35:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120210.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/14 11:35:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120210.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/10/10 13:46:18 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/09 16:09:58 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/05/09 16:08:14 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/03/30 18:33:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/03/21 18:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 18:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 18:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 14:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/01/21 00:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/01/17 17:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/12/19 18:25:40 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2007/10/30 19:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 19:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 07:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/07/01 09:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wmich.edu/library"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Animeeple.com/Animeeple,version=1.0: C:\Program Files\Animeeple\npanimeep.dll (Animate Me)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Paul\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/12/16 22:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/16 22:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 16:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 09:48:53 | 000,000,000 | ---D | M]

[2009/10/11 00:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2011/10/28 22:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\extensions
[2009/10/19 19:22:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/27 18:52:43 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2010/12/19 01:39:38 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\zlzkuuyo.default\searchplugins\bing.xml
[2011/11/10 18:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/15 16:01:08 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/24 19:28:49 | 000,294,712 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/08/24 19:28:40 | 000,175,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 01:38:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:52:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/11 15:52:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259021722343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17A8ADBC-5311-40BC-AD31-ADA70130B135}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: googledesktopmanager - C:\WINDOWS\system32\lvprcsrv.dll (Oak Technology Inc.)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 17:25:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2012/02/11 16:11:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/11 09:48:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/11 01:30:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/11 01:27:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 01:27:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 01:27:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 01:27:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/11 01:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/11 01:20:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 01:09:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/10 22:26:18 | 004,400,207 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2012/02/10 22:15:34 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\TDSSKiller.exe
[2012/02/08 01:01:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2012/02/08 01:00:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\dds.scr
[2012/02/08 00:10:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThis.exe
[2012/02/08 00:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/07 21:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\SanctionedMedia
[2009/11/21 23:47:18 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2007/10/14 20:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2012/02/11 15:55:35 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/11 15:53:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/11 15:52:19 | 000,184,337 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/11 15:52:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/11 15:51:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/11 15:51:23 | 3488,010,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/11 10:12:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/11 01:30:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/11 01:07:52 | 000,219,136 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 22:26:23 | 004,400,207 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2012/02/09 10:15:24 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\TDSSKiller.exe
[2012/02/08 01:00:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\dds.scr
[2012/02/08 00:59:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\defogger_reenable
[2012/02/08 00:58:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Defogger.exe
[2012/02/08 00:10:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThis.exe
[2012/02/07 22:24:37 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 20:42:45 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\1.avs
[2012/02/02 17:25:23 | 000,000,303 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\bw.avs
[2012/02/01 00:08:54 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/31 22:37:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/31 22:37:00 | 000,465,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/31 22:37:00 | 000,080,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/26 23:33:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 09:48:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/11 01:30:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/11 01:30:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/11 01:27:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 01:27:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 01:27:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/11 01:27:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/11 01:27:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/08 18:35:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\gmer.exe
[2012/02/08 00:59:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\defogger_reenable
[2012/02/08 00:58:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Defogger.exe
[2012/02/07 21:05:36 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/28 16:51:07 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/16 16:37:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 16:14:03 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/01/30 16:14:03 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/01/30 16:14:01 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/09/18 10:12:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2009/12/12 14:26:28 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
[2009/11/21 23:47:18 | 000,695,642 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/11/21 23:47:18 | 000,001,785 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/10/11 00:33:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/06 15:56:10 | 000,860,211 | --S- | C] () -- C:\WINDOWS\System32\XSIFtk-3.6.2.1.dll
[2009/09/30 17:54:43 | 000,219,136 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 02:44:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/09/25 02:43:49 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/24 23:07:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/19 09:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 11:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 11:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 11:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 10:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 11:16:22 | 000,465,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/02 10:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2005/04/14 22:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 22:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/05 17:37:20 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/08/07 14:01:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========

[2009/09/24 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/10/11 13:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex
[2009/09/24 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/30 23:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/16 00:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{9E3A8735-9ABB-468A-A982-A50862FC9AB3}
[2009/09/24 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2009/09/24 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Windows Desktop Search
[2009/10/11 12:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAZ 3D
[2011/10/27 18:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\freecordertoolbar
[2010/03/27 15:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Helios
[2009/12/20 16:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2010/03/27 15:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Notepad++
[2010/03/26 23:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\NoteTab Light
[2009/10/19 18:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
[2010/01/16 00:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Seven Zip
[2010/03/26 23:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\TextPad
[2010/08/07 19:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\UltimateZip
[2010/07/25 19:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Unity
[2011/10/27 18:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\vmntemplate
[2011/08/24 19:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\webex
[2009/09/24 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2009/09/30 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 18:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\i8042prt.* /s >
[2004/08/03 23:14:38 | 000,026,025 | ---- | M] () -- C:\cmdcons\I8042PRT.SY_
[2008/04/14 07:00:00 | 000,026,045 | ---- | M] () -- C:\I386\I8042PRT.SY_

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB46$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

OTL Extras logfile created on: 2/11/2012 5:43:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.50% Memory free
5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.64% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 59.01 Gb Free Space | 39.62% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 48.78 Gb Free Space | 16.37% Space Free | Partition Type: NTFS

Computer Name: D2J5BZK1 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.1.61
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.20)
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Animeeple_is1" = Animeeple 0.2.16
"AviSynth" = AviSynth 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAZ Studio 3 3.0.1.144" = DAZ Studio 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FastStone Capture" = FastStone Capture 6.9
"Freecorder5.07" = Freecorder 5
"freecordertoolbar" = Freecorder Toolbar
"ie8" = Windows Internet Explorer 8
"Lightscreen" = Lightscreen
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP3 Converter Simple" = MP3 Converter Simple
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NaturalMotion endorphin_is1" = NaturalMotion endorphin 2.7.1
"NVIDIA Drivers" = NVIDIA Drivers
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"Prism" = Prism Video Converter
"UltimateZip_is1" = UltimateZip
"Unrealty Client" = Unrealty Client
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3917219874-4178528306-2004532722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 10:19:55 PM | Computer Name = D2J5BZK1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Infostealer in File: c:\Documents and Settings\All
Users\Application Data\Symantec\SRTSP\Quarantine\APQ579.tmp by: Manual scan. Action:
Clean succeeded. Action Description: The file was repaired successfully.

Error - 2/8/2012 12:32:38 AM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 2/8/2012 12:37:37 AM | Computer Name = D2J5BZK1 | Source = Application Hang | ID = 1002
Description = Hanging application SymCorpUI.exe, version 11.0.2010.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2012 1:28:10 AM | Computer Name = D2J5BZK1 | Source = Application Hang | ID = 1002
Description = Hanging application DAZStudio.exe, version 3.0.1.144, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2012 11:19:12 PM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 2/9/2012 7:57:03 AM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 2/9/2012 5:22:13 PM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 2/9/2012 7:51:37 PM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 2/11/2012 4:36:05 PM | Computer Name = D2J5BZK1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/11/2012 4:53:07 PM | Computer Name = D2J5BZK1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

[ System Events ]
Error - 2/11/2012 4:53:22 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 4:53:22 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 4:53:22 PM | Computer Name = D2J5BZK1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec AntiVirus
with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}

Error - 2/11/2012 4:53:22 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 5:03:09 PM | Computer Name = D2J5BZK1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec AntiVirus
with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}

Error - 2/11/2012 5:03:09 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 5:03:09 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 5:03:11 PM | Computer Name = D2J5BZK1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec AntiVirus
with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}

Error - 2/11/2012 5:03:11 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.

Error - 2/11/2012 5:03:11 PM | Computer Name = D2J5BZK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection
service to connect.


< End of report >

#12 CatByte

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 February 2012 - 01:21 PM

Hi

Please run the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    SRV - [2008/04/13 18:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\lvprcsrv.dll -- (googledesktopmanager)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    NetSvcs: googledesktopmanager - C:\WINDOWS\system32\lvprcsrv.dll (Oak Technology Inc.)
    
    :files
    expand C:\I386\I8042PRT.SY_ c:\windows\system32\drivers\i8042prt.sys /c
    rmdir C:\WINDOWS\$NtUninstallKB46$ /c
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 howard sprague jr

  • Topic Starter
  • Members
  • 22 posts

Posted 12 February 2012 - 05:21 PM

Service googledesktopmanager stopped successfully!
Service googledesktopmanager deleted successfully!
C:\WINDOWS\system32\lvprcsrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
googledesktopmanager removed from NetSvcs value successfully!
Service googledesktopmanager stopped successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\googledesktopmanager deleted successfully.
File C:\WINDOWS\system32\lvprcsrv.dll not found.
========== FILES ==========
< expand C:\I386\I8042PRT.SY_ c:\windows\system32\drivers\i8042prt.sys /c >
Microsoft (R) File Expansion Utility Version 5.1.2600.0
Copyright (C) Microsoft Corp 1990-1999. All rights reserved.
Expanding c:\i386\i8042prt.sy_ to c:\windows\system32\drivers\i8042prt.sys.
c:\i386\i8042prt.sy_: 26045 bytes expanded to 52480 bytes, 101% increase.
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
< rmdir C:\WINDOWS\$NtUninstallKB46$ /c >
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration

S u c c e s s f u l l y f l u s h e d t h e D N S R e s o l v e r C a c h e .

C : \ D o c u m e n t s a n d S e t t i n g s \ P a u l \ D e s k t o p \ c m d . b a t d e l e t e d s u c c e s s f u l l y .

C : \ D o c u m e n t s a n d S e t t i n g s \ P a u l \ D e s k t o p \ c m d . t x t d e l e t e d s u c c e s s f u l l y .

= = = = = = = = = = C O M M A N D S = = = = = = = = = =

C : \ W I N D O W S \ S y s t e m 3 2 \ d r i v e r s \ e t c \ H o s t s m o v e d s u c c e s s f u l l y .

H O S T S f i l e r e s e t s u c c e s s f u l l y



[ E M P T Y T E M P ]



U s e r : A d m i n i s t r a t o r

- > T e m p f o l d e r e m p t i e d : 0 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 6 7 b y t e s

- > F i r e F o x c a c h e e m p t i e d : 4 4 4 0 1 4 5 4 b y t e s

- > F l a s h c a c h e e m p t i e d : 1 3 5 9 b y t e s



U s e r : A l l U s e r s



U s e r : D e f a u l t U s e r

- > T e m p f o l d e r e m p t i e d : 0 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 6 7 b y t e s

- > F l a s h c a c h e e m p t i e d : 4 1 4 1 1 b y t e s



U s e r : E l l e n

- > T e m p f o l d e r e m p t i e d : 0 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 6 7 b y t e s



U s e r : L o c a l S e r v i c e

- > T e m p f o l d e r e m p t i e d : 6 6 0 1 6 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 2 4 5 8 9 4 b y t e s



U s e r : N e t w o r k S e r v i c e

- > T e m p f o l d e r e m p t i e d : 0 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 2 2 0 0 5 2 7 3 7 b y t e s

- > J a v a c a c h e e m p t i e d : 0 b y t e s

- > F l a s h c a c h e e m p t i e d : 2 4 8 3 b y t e s



U s e r : P a u l

- > T e m p f o l d e r e m p t i e d : 1 6 0 7 8 b y t e s

- > T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 4 3 7 6 2 0 3 b y t e s

- > J a v a c a c h e e m p t i e d : 0 b y t e s

- > F i r e F o x c a c h e e m p t i e d : 5 3 9 7 7 5 2 5 b y t e s

- > F l a s h c a c h e e m p t i e d : 4 2 0 3 2 b y t e s



% s y s t e m d r i v e % . t m p f i l e s r e m o v e d : 0 b y t e s

% s y s t e m r o o t % . t m p f i l e s r e m o v e d : 4 8 0 4 0 8 8 b y t e s

% s y s t e m r o o t % \ S y s t e m 3 2 . t m p f i l e s r e m o v e d : 2 5 7 7 b y t e s

% s y s t e m r o o t % \ S y s t e m 3 2 \ d l l c a c h e . t m p f i l e s r e m o v e d : 0 b y t e s

% s y s t e m r o o t % \ S y s t e m 3 2 \ d r i v e r s . t m p f i l e s r e m o v e d : 0 b y t e s

W i n d o w s T e m p f o l d e r e m p t i e d : 3 3 2 5 1 b y t e s

% s y s t e m r o o t % \ s y s t e m 3 2 \ c o n f i g \ s y s t e m p r o f i l e \ L o c a l S e t t i n g s \ T e m p f o l d e r e m p t i e d : 0 b y t e s

% s y s t e m r o o t % \ s y s t e m 3 2 \ c o n f i g \ s y s t e m p r o f i l e \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s f o l d e r e m p t i e d : 3 2 9 0 2 b y t e s

R e c y c l e B i n e m p t i e d : 1 1 5 6 3 2 5 b y t e s



T o t a l F i l e s C l e a n e d = 3 1 4 . 0 0 m b





O T L b y O l d T i m e r - V e r s i o n 3 . 2 . 3 1 . 0 l o g c r e a t e d o n 0 2 1 2 2 0 1 2 _ 1 7 0 5 3 5



F i l e s \ F o l d e r s m o v e d o n R e b o o t . . .



R e g i s t r y e n t r i e s d e l e t e d o n R e b o o t . . .


SORRY THIS IS MESSY - I AM USING A MAC AND IT TOOK SOME DOING TO GET THIS TO POST RIGHT.

Edited by howard sprague jr, 12 February 2012 - 05:39 PM.


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:31 PM

Posted 12 February 2012 - 05:40 PM

That looks good

Please re-run ComboFix > allow it to update if it asks to do so > remember to disable your security programs > post the resulting log


then run a fresh OTL log with the original settings I first gave you in this post here

Please post both the ComboFix and OTL logs

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 howard sprague jr

howard sprague jr
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 12 February 2012 - 05:51 PM

I am still not able to connect to the internet. As I recall, doesn't combofix require an internet connection? Anyway, the combofix seems to have disappeared from my desktop. I will try to download here and transfer to my computer.



