
ZeroRootKit on PC, F8-Safe Mode Disabled


  • This topic is locked
23 replies to this topic

#1 farrah7031


Posted 27 February 2012 - 08:35 PM

Attached File ark.txt 6.87KB 3 downloads
Attached File attach.txt 22.35KB 0 downloads

I've also run SuperAntiSpyware. It says it's cleaning it but after the reboot it's back. Combofix says there's a zero rootkit and has to reboot. I can't log into Safe Mode via F8, but I can by using the app Bootsafe.exe. Sometimes I can get to the internet, sometimes I can't. I tried to disable system restore, but it keeps turning itself back on. Here's my DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 19:21:37 on 2012-02-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1778 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{1265ED06-1814-4AF3-93F5-8A75959594E0} : DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
TCP: Interfaces\{5F4B4795-67D7-44AF-BF17-3C3F3976819A} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.anonymous\application data\mozilla\firefox\profiles\te78xe6u.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_5_2\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users.windows\application data\white sky, inc\id vault\xpcom3\components\IdVault.XPCOM3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn_2011_7_5_2
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
S0 84918203;84918203;c:\windows\system32\drivers\25786353.sys --> c:\windows\system32\drivers\25786353.sys [?]
S0 qqjo;qqjo;c:\windows\system32\drivers\dymhuc.sys --> c:\windows\system32\drivers\dymhuc.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-2-10 9472]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2012-1-11 99248]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-26 652360]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S3 68781906;68781906; [x]
S3 78491750;78491750; [x]
S3 88291404;88291404; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-26 1684736]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-10-15 79360]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120217.003\IDSXpx86.sys [2012-2-17 356280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-26 20464]
S3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120220.001\NAVENG.SYS [2012-2-20 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120220.001\NAVEX15.SYS [2012-2-20 1576312]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2011-10-15 79360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-2-10 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
.
=============== Created Last 30 ================
.
2012-02-27 23:04:01 -------- d-s---w- C:\ComboFix
2012-02-26 22:11:24 4420481 ----a-w- C:\ComboFix.ex
2012-02-26 20:48:03 549840 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-26 20:46:56 -------- d-----w- C:\d4fbdb8576bf9246aab08d722c
2012-02-26 20:46:16 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-26 20:46:16 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-20 01:48:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-20 01:04:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 22:27:01 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-19 22:27:01 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-19 19:32:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-19 19:32:00 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys
2012-02-19 17:29:15 91720 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2012-02-19 17:29:15 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2012-02-19 17:29:15 1644616 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2012-02-19 17:29:15 136264 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2012-02-19 14:27:09 -------- d-----w- c:\documents and settings\owner.anonymous\application data\CDisplayEx
2012-02-18 21:54:58 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 03:10:50 -------- d-----w- c:\program files\CDisplayEx
2012-02-07 22:35:56 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-07 22:35:56 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-07 22:35:56 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-07 22:35:56 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-02-07 22:35:56 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-07 22:35:56 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-07 22:35:56 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-07 22:35:56 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-07 22:35:44 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
.
==================== Find3M ====================
.
2012-02-26 20:31:22 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-19 14:26:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-18 20:53:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 00:51:17 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-01-09 04:30:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:22:04.43 ===============
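As an added example (not from this thread, DDS or its author), here is a small Python triage script for the SERVICES / DRIVERS section of a DDS log like the one above. It parses each entry and flags the traits that make the random-named drivers stand out for review: a bare-number service name, a driver file whose name has nothing to do with the service, a boot-start driver for which DDS recorded no on-disk date/size ([?]), or an entry with no image path at all ([x]). The heuristics and the two-reason threshold are this example's own assumptions; the sample lines are copied from the log above.

```python
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six "SERVICES / DRIVERS" lines copied from the DDS log above,
# mixing known-good vendor drivers with the random-named entries that stood out.
SAMPLE_LINES = [
    r"R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]",
    r"S0 84918203;84918203;c:\windows\system32\drivers\25786353.sys --> c:\windows\system32\drivers\25786353.sys [?]",
    r"S0 qqjo;qqjo;c:\windows\system32\drivers\dymhuc.sys --> c:\windows\system32\drivers\dymhuc.sys [?]",
    r"S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]",
    r"S3 68781906;68781906; [x]",
    r"S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-26 20464]",
]

# "<R|S><start> <name>;<display>;<image path ...> [<tail>]"
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*)$")
# Tail is "[YYYY-M-D size]" when DDS found the file, "[?]" when it recorded no
# date/size, or "[x]" when the entry had no image path at all.
TAIL_RE = re.compile(r"\s*\[(?:(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)|\?|x)\]\s*$")


@dataclass
class ServiceEntry:
    state: str                 # R = running, S = stopped
    start: int                 # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str                  # image path as listed ("" for [x] entries)
    file_date: Optional[str]   # None when the tail was [?] or [x]
    file_size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; returns None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    t = TAIL_RE.search(rest)
    if not t:
        return None
    body = rest[: t.start()].strip()
    # DDS prints "<listed> --> <resolved>" when it had to resolve the path itself;
    # keep the listed form, which is what the registry holds.
    path = body.split(" --> ")[0].strip()
    date, size = t.group(1), t.group(2)
    return ServiceEntry(state, int(start), name, display, path,
                        date, int(size) if size else None)


def _driver_base(path: str) -> Optional[str]:
    """Lower-case file name without extension, only for .sys files."""
    base = path.split("\\")[-1].split(" ")[0].lower()
    return base[:-4] if base.endswith(".sys") else None


def _related(name: str, base: str) -> bool:
    """Heuristic (assumption): a legitimate driver's file name usually echoes its service name."""
    a, b = name.lower(), base
    return a.startswith(b) or b.startswith(a) or len(os.path.commonprefix([a, b])) >= 4


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons; the heuristics below are this example's assumptions."""
    if entry.name.isdigit():
        entry.reasons.append("service name is a bare number")
    if not entry.path:
        entry.reasons.append("no image path recorded ([x])")
    elif entry.file_date is None:
        entry.reasons.append("no on-disk date/size recorded ([?])")
    base = _driver_base(entry.path)
    if base and not _related(entry.name, base):
        entry.reasons.append("driver file name unrelated to service name")
    if entry.start == 0 and entry.file_date is None:
        entry.reasons.append("boot-start driver with no file information")
    return entry


def suspicious_entries(lines: List[str], threshold: int = 2) -> List[ServiceEntry]:
    """Entries with at least `threshold` reasons, in log order."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and len(triage(entry).reasons) >= threshold:
            out.append(entry)
    return out


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LINES):
        print(f"{e.state}{e.start} {e.name}: {'; '.join(e.reasons)}")
```

The Lexmark entry is deliberately included: it also carries a [?] tail, and the threshold keeps a single weak signal from flagging it.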



#2 sempai

  • Malware Response Team

Posted 29 February 2012 - 01:58 AM

Hello farrah7031 and welcome to BC.


:step1: Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan/Fixes box.

    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.



:step2: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast antivirus when offered.



:step3: Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 farrah7031

  • Topic Starter

Posted 29 February 2012 - 10:41 PM

OTL Extras logfile created on: 2/29/2012 10:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Owner.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.77% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 97.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.25 Gb Total Space | 124.67 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 103.30 Gb Free Space | 72.83% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\odbcconf32.exe" = C:\WINDOWS\system32\odbcconf32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\lxdecoms.exe" = C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:4800 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Lexmark 4800 Series\frun.exe" = C:\Program Files\Lexmark 4800 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe" = C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\temp\lxde\wireless\ENGLISH\lxdewpss.exe" = C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\temp\lxde\wireless\ENGLISH\lxdewpss.exe:*:Enabled:


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}" = User Profile Helper Cleanup Service
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock IES_is1" = ASRock IES v2.0.85
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.83
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"FileZilla Client" = FileZilla Client 3.5.0
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HitmanPro36" = HitmanPro 3.6
"ID Vault" = Constant Guard Protection Suite
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Lexmark 4800 Series" = Lexmark 4800 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Picasa 3" = Picasa 3
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Shareaza_is1" = Shareaza 2.5.5.0
"SuperMegaSpoof_is1" = SuperMegaSpoof 2.0
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.8
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2012 4:35:12 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 4:36:19 PM | Computer Name = ANONYMOUS | Source = IDVault | ID = 0
Description = Display Flag Error Call was canceled by the message filter. (Exception
from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error - 2/26/2012 4:36:19 PM | Computer Name = ANONYMOUS | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 2/26/2012 4:41:49 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 4:54:34 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:00:25 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:21:08 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:28:40 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/27/2012 7:57:51 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/27/2012 7:57:51 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 2/27/2012 7:51:36 PM | Computer Name = ANONYMOUS | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 2/27/2012 8:20:48 PM | Computer Name = ANONYMOUS | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 2/27/2012 8:20:55 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/27/2012 8:22:13 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 BHDrvx86 eeCtrl Fips SASDIFSV SASKUTIL sptd SRTSPX SymIRON SYMTDI

Error - 2/27/2012 9:31:04 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/27/2012 9:37:16 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/29/2012 11:20:56 PM | Computer Name = ANONYMOUS | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 2/29/2012 11:28:09 PM | Computer Name = ANONYMOUS | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 2/29/2012 11:28:16 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/29/2012 11:29:35 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 BHDrvx86 eeCtrl Fips SASDIFSV SASKUTIL sptd SRTSPX SymIRON SYMTDI

[ Windows PowerShel Events ]
Error - 2/26/2012 4:35:12 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 4:36:19 PM | Computer Name = ANONYMOUS | Source = IDVault | ID = 0
Description =

Error - 2/26/2012 4:36:19 PM | Computer Name = ANONYMOUS | Source = IDVault | ID = 0
Description =

Error - 2/26/2012 4:41:49 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 4:54:34 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:00:25 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:21:08 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/26/2012 5:28:40 PM | Computer Name = ANONYMOUS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/27/2012 7:57:51 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description =

Error - 2/27/2012 7:57:51 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description =


< End of report >

OTL logfile created on: 2/29/2012 10:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Owner.ANONYMOUS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.77% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 97.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.25 Gb Total Space | 124.67 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 103.30 Gb Free Space | 72.83% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 22:29:52 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.exe
PRC - [2010/02/10 22:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (purendis)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (EU3_USB)
SRV - [2012/02/15 17:08:26 | 000,065,096 | ---- | M] (White Sky, Inc.) [Auto | Stopped] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 08:43:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/10/15 08:43:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/02/22 22:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/31 16:33:46 | 000,276,480 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.dll -- (UPHClean)
SRV - [2007/05/29 08:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 08:06:44 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 22:05:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 22:05:24 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 18:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120217.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/10/15 11:40:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/14 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120220.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/14 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120220.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/14 15:27:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/10 23:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2009/08/18 04:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/30 08:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2001/08/17 11:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.2
FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/09 22:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/29 22:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 13:29:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 23:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/08 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/28 19:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/11/28 19:26:34 | 000,000,000 | ---D | M]

[2010/11/28 02:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Extensions
[2012/02/27 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\te78xe6u.default\extensions
[2010/11/28 02:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\te78xe6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/01 22:06:46 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\te78xe6u.default\extensions\vshareus@toolbar
[2012/02/26 18:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/28 02:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 19:35:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/29 22:21:44 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_5_2
[2012/02/09 22:38:11 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/02/19 12:29:15 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\WHITE SKY, INC\ID VAULT\XPCOM3
[2011/12/18 13:29:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010/11/28 02:14:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

Hosts file not found
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1265ED06-1814-4AF3-93F5-8A75959594E0}: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F4B4795-67D7-44AF-BF17-3C3F3976819A}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/26 16:47:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: EU3_USB - File not found
NetSvcs: mbackmonitor - File not found
NetSvcs: websenseuserservice - File not found
NetSvcs: BUFADPT - File not found
NetSvcs: purendis - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 22:29:52 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.exe
[2012/02/27 19:00:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\dds.scr
[2012/02/27 18:04:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/26 18:32:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Recent
[2012/02/26 17:11:24 | 004,420,481 | ---- | C] (Swearware) -- C:\ComboFix.ex
[2012/02/26 17:11:01 | 004,420,481 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\ComboFix.exe
[2012/02/26 16:31:18 | 000,122,168 | ---- | C] (SuperAdBlocker.com) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\BootSafe.exe
[2012/02/26 15:46:56 | 000,000,000 | ---D | C] -- C:\d4fbdb8576bf9246aab08d722c
[2012/02/19 20:04:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/19 20:03:25 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\TDSSKiller.exe
[2012/02/19 17:27:01 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2012/02/19 14:32:00 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2012/02/19 09:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\CDisplayEx
[2012/02/15 22:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CDisplayEx
[2012/02/15 22:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplayEx
[2012/02/09 22:36:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 22:29:52 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\OTL.exe
[2012/02/29 22:27:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/29 22:22:10 | 000,000,241 | -H-- | M] () -- C:\boot.ini
[2012/02/29 22:20:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 22:20:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 19:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/27 19:01:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\hu76wzgi.exe
[2012/02/27 19:00:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\dds.scr
[2012/02/27 18:58:51 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\defogger_reenable
[2012/02/27 18:58:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Defogger.exe
[2012/02/27 18:10:18 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Junction.zip
[2012/02/27 18:10:11 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Win32kDiag.exe
[2012/02/26 18:29:41 | 002,044,183 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\tdsskiller.zip
[2012/02/26 17:26:53 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2012/02/26 16:53:40 | 004,420,481 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\ComboFix.exe
[2012/02/26 16:53:40 | 004,420,481 | ---- | M] (Swearware) -- C:\ComboFix.ex
[2012/02/26 16:52:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/26 16:12:38 | 000,122,168 | ---- | M] (SuperAdBlocker.com) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\BootSafe.exe
[2012/02/26 15:48:03 | 000,462,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/26 15:48:03 | 000,075,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/26 15:46:50 | 000,734,764 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/26 15:17:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\TDSSKiller.exe
[2012/02/19 12:28:57 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/02/19 12:28:57 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Constant Guard.lnk
[2012/02/19 09:26:46 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/02/18 16:40:59 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 16:09:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 15:53:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/15 22:10:53 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk
[2012/02/15 22:10:53 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\CDisplayEx.lnk
[2012/02/13 14:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/09 22:38:02 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton Security Suite.LNK
[2012/02/02 16:51:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/29 22:22:10 | 000,000,223 | -H-- | C] () -- C:\boot.ini.SAB
[2012/02/27 19:02:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\hu76wzgi.exe
[2012/02/27 19:00:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Defogger.exe
[2012/02/27 18:58:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\defogger_reenable
[2012/02/27 18:10:18 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Junction.zip
[2012/02/27 18:10:11 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\Win32kDiag.exe
[2012/02/26 18:29:35 | 002,044,183 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\tdsskiller.zip
[2012/02/26 15:46:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/26 15:46:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/19 12:28:57 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/02/19 12:28:57 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Constant Guard.lnk
[2012/02/19 12:28:57 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Constant Guard.lnk
[2012/02/18 16:54:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/15 22:10:53 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk
[2012/02/15 22:10:52 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Desktop\CDisplayEx.lnk
[2012/01/11 22:18:30 | 000,015,076 | -HS- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\gfy7j1h4inpa
[2012/01/11 22:18:30 | 000,015,076 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\gfy7j1h4inpa
[2012/01/11 19:59:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdevs.dll
[2012/01/11 19:59:32 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdecoin.dll
[2012/01/11 19:59:12 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdedrs.dll
[2012/01/11 19:59:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdecnv4.dll
[2012/01/11 19:59:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdecaps.dll
[2012/01/11 19:58:32 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeserv.dll
[2012/01/11 19:58:32 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeusb1.dll
[2012/01/11 19:58:32 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomc.dll
[2012/01/11 19:58:32 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehbn3.dll
[2012/01/11 19:58:32 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdepmui.dll
[2012/01/11 19:58:32 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecoms.exe
[2012/01/11 19:58:32 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdelmpm.dll
[2012/01/11 19:58:32 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll
[2012/01/11 19:58:32 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecfg.exe
[2012/01/11 19:58:32 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomm.dll
[2012/01/11 19:58:32 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeinpa.dll
[2012/01/11 19:58:32 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll
[2012/01/11 19:58:32 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeiesc.dll
[2012/01/11 19:58:32 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeih.exe
[2012/01/11 19:58:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdegrd.dll
[2012/01/11 19:58:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeprox.dll
[2012/01/11 19:43:57 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/09 20:28:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/09 20:28:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/09 20:28:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/09 20:28:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/09 20:28:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/15 08:43:15 | 000,014,040 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2011/10/15 08:43:15 | 000,005,288 | ---- | C] () -- C:\WINDOWS\xFi_MiddleLayerKey32.ini
[2011/05/12 13:31:32 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/28 02:03:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/14 15:57:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/06/28 18:32:49 | 000,038,772 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/27 10:43:21 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 23:02:07 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/26 23:02:04 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/26 23:02:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/26 17:04:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/26 16:57:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/26 16:56:40 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/26 16:56:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/26 16:56:39 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/06/26 16:56:38 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/26 16:56:38 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/26 16:56:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/06/26 16:56:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/26 16:48:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/26 16:44:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/26 16:43:13 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/06/26 16:43:07 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/06/26 16:43:06 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/06/26 11:30:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/26 11:26:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/26 11:26:07 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >
[2011/06/19 20:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/06/27 11:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2010/06/26 23:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2011/10/15 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
[2011/12/18 13:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2012/01/11 19:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2011/10/15 10:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage
[2010/06/26 23:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/08/11 19:08:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/10/15 10:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2011/01/18 15:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2012/01/11 20:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
[2010/06/26 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
[2011/05/29 19:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
[2010/06/26 16:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2012/01/12 17:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/07/09 09:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
[2011/10/15 10:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\White Sky, Inc
[2010/06/26 16:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2010/06/26 23:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\ARM\Reader_10.1.1\24073\AcrobatUpdater.exe
[2012/01/03 02:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\ARM\Reader_10.1.1\24073\AdobeARM.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\ARM\Reader_10.1.1\24073\AdobeARMHelper.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\ARM\Reader_10.1.1\24073\ReaderUpdater.exe
[2011/11/28 19:17:21 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 10.5.1.42\SetupAdmin.exe
[2010/11/23 20:47:09 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.33.19.4\SetupAdmin.exe
[2011/03/14 16:28:33 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.33.20.27\SetupAdmin.exe
[2011/04/24 19:45:43 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.33.21.1\SetupAdmin.exe
[2011/08/04 20:31:07 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.34.50.0\SetupAdmin.exe
[2011/10/17 18:10:28 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.34.51.22\SetupAdmin.exe
[2010/06/27 17:19:32 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2011/10/23 22:01:31 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010/06/27 17:19:49 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Converter\Uninstaller.exe
[2011/12/18 13:29:23 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DesktopService\Uninstaller.exe
[2011/12/18 13:29:22 | 000,062,857 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2010/06/27 17:19:52 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2011/12/18 13:29:59 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2011/10/23 22:01:32 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2011/10/23 22:01:33 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2010/06/27 17:19:54 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2011/10/23 22:01:35 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010/06/27 17:19:44 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2011/10/23 22:01:29 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2011/10/23 22:01:30 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\OVSHelper\Uninstaller.exe
[2011/12/18 13:29:52 | 000,065,896 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
[2010/06/27 17:19:36 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010/11/14 00:23:56 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011/12/18 13:27:46 | 000,927,072 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
[2011/12/18 13:35:19 | 000,305,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Setup\RunAsUser\RUNASUSERPROCESS.exe
[2010/06/27 17:19:48 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2011/12/18 13:29:27 | 000,092,231 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\TransferWizard\Uninstaller.exe
[2011/10/23 22:01:57 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
[2011/12/18 13:29:57 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
[2012/02/16 11:36:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2011/04/05 13:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\NUA.exe

< %APPDATA%\*. >
[2012/01/09 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Adobe
[2011/12/28 23:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Apple Computer
[2012/02/19 09:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\BitTorrent
[2011/10/15 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\CallingID
[2012/02/19 09:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\CDisplayEx
[2011/10/15 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\comcasttb
[2012/01/21 02:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\DDMSettings
[2010/06/28 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\DivX
[2012/01/09 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\ElevatedDiagnostics
[2011/08/10 20:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\FileZilla
[2010/06/26 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Foxit
[2010/06/27 11:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Google
[2012/02/19 12:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\ID Vault
[2010/06/27 14:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Identities
[2011/10/15 08:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\InstallShield
[2011/11/23 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Lexmark Productivity Studio
[2011/04/16 07:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Macromedia
[2010/06/26 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Malwarebytes
[2011/10/15 10:19:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft
[2010/11/28 02:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Mozilla
[2010/06/27 20:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\OpenOffice.org
[2012/01/08 23:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Real
[2010/08/15 16:48:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\SecuROM
[2010/08/04 17:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Shareaza
[2010/06/26 16:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Sun
[2012/01/12 17:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\SUPERAntiSpyware.com
[2011/08/11 19:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Thunderbird
[2011/01/01 22:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\vShare
[2012/02/26 18:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Winamp
[2010/11/28 01:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Windows Search

< %APPDATA%\*.exe /s >
[2010/11/22 18:34:46 | 005,146,416 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2010/06/26 16:56:05 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Installer\{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}\_6FEFF9B68218417F98F549.exe
[2011/08/13 10:36:12 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Microsoft\Installer\{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}\ARPPRODUCTICON.exe
[2012/01/02 12:17:05 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
[2012/01/02 23:40:53 | 026,927,552 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_data\RealPlayer.exe
[2012/01/02 23:31:17 | 000,713,472 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Owner.ANONYMOUS\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_exe\RealPlayer.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010/06/26 11:25:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/06/26 11:25:10 | 001,073,152 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/06/26 11:25:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/02/26 16:38:38 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2012/02/19 09:26:46 | 000,023,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro36.sys
[2012/02/26 15:31:22 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/02/19 20:05:36 | 000,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2012/01/11 19:51:17 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\system32\drivers\TrufosAlt.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.ANONYMOUS\My Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 22:36:53
-----------------------------
22:36:53.078 OS Version: Windows 5.1.2600 Service Pack 3
22:36:53.078 Number of processors: 2 586 0x6B02
22:36:53.078 ComputerName: ANONYMOUS UserName: Owner
22:36:53.718 Initialize success
22:37:06.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
22:37:06.531 Disk 0 Vendor: WDC_WD3200AAKS-00UU3A0 01.03B01 Size: 305245MB BusType: 3
22:37:06.578 Disk 0 MBR read successfully
22:37:06.593 Disk 0 MBR scan
22:37:06.625 Disk 0 Windows XP default MBR code
22:37:06.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 159998 MB offset 63
22:37:06.671 Disk 0 Partition - 00 0F Extended LBA 145236 MB offset 327677805
22:37:06.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 145236 MB offset 327677868
22:37:06.765 Disk 0 scanning sectors +625121280
22:37:06.875 Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:14.203 Service scanning
22:37:30.687 Modules scanning
22:37:44.656 Disk 0 trace - called modules:
22:37:44.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:37:44.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a764ab8]
22:37:45.093 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a7514e8]
22:37:45.406 5 ACPI.sys[f786f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a750d98]
22:37:45.718 Scan finished successfully
22:39:11.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.ANONYMOUS\Desktop\MBR.dat"
22:39:11.921 The log file has been saved successfully to "C:\Documents and Settings\Owner.ANONYMOUS\Desktop\aswMBR.txt"

ListParts by Farbar Version: 29-02-2012
Ran by Owner (administrator) on 29-02-2012 at 22:40:22
Windows XP (X86)
Running From: C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\2FM2JJSX
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 2047.16 MB
Available physical RAM: 1690.84 MB
Total Pagefile: 3942.06 MB
Available Pagefile: 3780.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.05 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:156.25 GB) (Free:124.66 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:141.83 GB) (Free:103.3 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      298 GB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           156 GB   32 KB
Partition 2    Extended          142 GB   156 GB
Partition 3    Logical           142 GB   156 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0  C                 NTFS   Partition   156 GB   Healthy    System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  D                 NTFS   Partition   142 GB   Healthy
======================================================================================================

****** End Of Log ******
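Added example, not part of the original post and not code from aswMBR or any other tool named in this thread. The aswMBR output above reports the MBR code as the Windows XP default, an active NTFS partition at offset 63 and an extended container behind it. The Python below parses a raw 512-byte MBR image such as the MBR.dat that aswMBR saved and applies the same kind of checks by hand: boot signature present, one active partition with a valid status byte, no unknown or hidden partition types, no overlapping entries, and a SHA-256 of the boot-code area to compare against a copy taken from a known-clean machine. The image embedded in the script is constructed to mirror the layout in the log; its boot-code area is zero-filled rather than real XP boot code, and the disk signature value is made up. No known-good hash is hard-coded; the operator is assumed to supply one.

```python
"""Parse a raw 512-byte MBR image (e.g. the MBR.dat that aswMBR saves) and
report the partition table, the boot signature and a hash of the boot code.
Added example for this thread; MBR_IMAGE below is constructed, not a real dump."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
ENTRY_SIZE = 16
BOOT_CODE_LEN = 440          # bytes 0..439 are boot code; 440..443 is the disk signature
BOOT_SIG = b"\x55\xaa"

PART_TYPES = {
    0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x17: "Hidden HPFS/NTFS",
    0x82: "Linux swap", 0x83: "Linux",
}
# "Hidden" variants of the FAT/NTFS type IDs: legitimate on some OEM recovery
# layouts, but worth a second look on a box where a rootkit is suspected.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(data: bytes) -> dict:
    """Return the boot-code hash, the disk signature, the 55AA check and the
    four partition entries, with sizes in MB the way aswMBR prints them."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", data, off)
        entries.append({
            "index": i + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "bootcode_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, BOOT_CODE_LEN)[0],
        "boot_signature_ok": data[510:512] == BOOT_SIG,
        "entries": entries,
    }


def audit_mbr(data: bytes, known_good_bootcode_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means nothing looked wrong.
    The boot code is only judged when the caller passes a hash taken from a
    known-clean machine (assumed to exist; nothing is hard-coded here)."""
    mbr = parse_mbr(data)
    findings = []
    if not mbr["boot_signature_ok"]:
        findings.append("boot signature 55AA missing")
    if known_good_bootcode_sha256 and mbr["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("boot code differs from the known-good copy")
    used = [e for e in mbr["entries"] if e["type"] != 0x00]
    if sum(e["active"] for e in used) != 1:
        findings.append("expected exactly one active partition")
    for e in used:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['index']}: invalid status byte 0x{e['status']:02x}")
        if e["type_name"] == "unknown":
            findings.append(f"partition {e['index']}: unknown type 0x{e['type']:02x}")
        if e["type"] in HIDDEN_TYPES:
            findings.append(f"partition {e['index']}: hidden partition type 0x{e['type']:02x}")
        if e["sectors"] == 0:
            findings.append(f"partition {e['index']}: zero length")
    ordered = sorted(used, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


# Constructed sample mirroring the layout aswMBR printed in this thread: an
# active NTFS partition at LBA 63 and an Extended LBA container after it.
# The boot-code area is zero-filled, not real XP boot code; the disk
# signature is made up.
MBR_IMAGE = (
    bytes(BOOT_CODE_LEN)
    + struct.pack("<I", 0xDEADBEEF)
    + b"\x00\x00"
    + _entry(0x80, 0x07, 63, 159998 * 2048)
    + _entry(0x00, 0x0F, 327677805, 145236 * 2048)
    + _entry(0x00, 0x00, 0, 0)
    + _entry(0x00, 0x00, 0, 0)
    + BOOT_SIG
)

# Same image with partition 1's status byte clobbered, the kind of damage a
# bootkit installer or a bad write leaves behind.
TAMPERED_IMAGE = bytearray(MBR_IMAGE)
TAMPERED_IMAGE[PART_TABLE_OFFSET] = 0x11
TAMPERED_IMAGE = bytes(TAMPERED_IMAGE)

if __name__ == "__main__":
    for label, img in (("constructed", MBR_IMAGE), ("tampered", TAMPERED_IMAGE)):
        info = parse_mbr(img)
        print(f"{label}: bootcode sha256 {info['bootcode_sha256'][:16]}...")
        for e in info["entries"]:
            if e["type"]:
                print(f"  partition {e['index']}: status=0x{e['status']:02x} "
                      f"type=0x{e['type']:02x} {e['type_name']} {e['size_mb']} MB "
                      f"offset {e['lba_start']}")
        print("  findings:", audit_mbr(img) or "none")
```

To use it on a real dump, read MBR.dat (or the first 512 bytes of \\.\PhysicalDrive0 from an elevated prompt) and pass the bytes to audit_mbr together with the boot-code hash from a clean XP install; the hash comparison is what tells a replaced MBR from the stock one, since a bootkit can keep the partition table perfectly intact.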





#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:03 AM

Posted 29 February 2012 - 11:41 PM

Did you run OTL in safe mode? Why?

Please delete the copy of Combofix that you have and then download and run a new copy.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 farrah7031

farrah7031
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 01 March 2012 - 09:02 PM

It won't let me copy and paste so I've attached it.
Attached File  ComboFix.txt   188.61KB   3 downloads



#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:03 AM

Posted 01 March 2012 - 11:58 PM

We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\system32\drivers\dymhuc.sys
c:\windows\system32\drivers\25786353.sys
C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Application Data\gfy7j1h4inpa
C:\Documents and Settings\All Users.WINDOWS\Application Data\gfy7j1h4inpa

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

Driver::
68781906
78491750
88291404
qqjo
84918203

ClearJavaCache::


4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you which I will require in your next reply.


~Semp



#7 farrah7031

farrah7031
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 02 March 2012 - 06:33 PM

ComboFix 12-03-01.02 - Owner 03/02/2012 18:22:16.4.2 - x86 NETWORK
Running from: c:\documents and settings\Owner.ANONYMOUS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.ANONYMOUS\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users.WINDOWS\Application Data\gfy7j1h4inpa"
"c:\documents and settings\Owner.ANONYMOUS\Local Settings\Application Data\gfy7j1h4inpa"
"c:\windows\system32\drivers\25786353.sys"
"c:\windows\system32\drivers\dymhuc.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\gfy7j1h4inpa
c:\documents and settings\Owner.ANONYMOUS\Local Settings\Application Data\gfy7j1h4inpa
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_68781906
-------\Legacy_78491750
-------\Legacy_88291404
-------\Service_68781906
-------\Service_78491750
-------\Service_84918203
-------\Service_88291404
-------\Service_qqjo
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 02:05 . 2012-03-02 02:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-26 20:48 . 2012-02-26 20:48 549840 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-26 20:46 . 2012-02-26 20:46 -------- d-----w- C:\d4fbdb8576bf9246aab08d722c
2012-02-26 20:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-26 20:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-20 01:48 . 2012-02-26 21:38 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 22:27 . 2012-02-20 01:05 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-19 22:27 . 2008-04-14 04:10 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-19 19:32 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-19 19:32 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys
2012-02-19 17:29 . 2012-02-15 22:08 91720 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-02-19 17:29 . 2012-02-15 22:08 1644616 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll
2012-02-19 17:29 . 2012-02-15 22:08 136264 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll
2012-02-19 17:29 . 2012-02-15 21:26 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll
2012-02-19 14:27 . 2012-02-19 14:27 -------- d-----w- c:\documents and settings\Owner.ANONYMOUS\Application Data\CDisplayEx
2012-02-18 21:54 . 2012-02-26 20:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-16 03:10 . 2012-02-16 03:10 -------- d-----w- c:\program files\CDisplayEx
2012-02-07 22:35 . 2012-02-10 03:36 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 20:31 . 2008-04-14 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-19 14:26 . 2012-01-12 00:43 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-18 20:53 . 2011-06-08 00:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 00:51 . 2012-01-12 00:51 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-01-09 04:30 . 2010-06-26 21:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 20:24 . 2010-06-27 04:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-02_01.55.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-26 21:47 . 2012-03-02 02:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-26 21:47 . 2012-02-18 21:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-26 21:47 . 2012-03-02 02:28 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-06-26 21:47 . 2012-02-18 21:54 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-02 02:28 . 2012-03-02 02:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-02-18 21:57 . 2012-02-18 21:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-02 02:28 . 2012-03-02 03:47 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-10 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2010-02-15 455336]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2010-02-15 25256]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-02-11 128512]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncService]
2009-07-08 19:32 1233195 ------w- c:\program files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 11:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdeamon]
2010-02-15 18:58 25256 ----a-w- c:\program files\Lexmark 4800 Series\lxdeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdemon.exe]
2010-02-15 18:58 455336 ----a-w- c:\program files\Lexmark 4800 Series\lxdemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 11:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 11:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\frun.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdewbgw.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 5:35 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/7/2012 5:35 PM 744568]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2010 3:27 PM 691696]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 8:06 PM 820344]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2/10/2010 11:01 PM 9472]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/7/2012 5:35 PM 136312]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2010 11:21 AM 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2/15/2012 4:26 PM 65096]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [1/11/2012 7:59 PM 99248]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2010 11:20 PM 652360]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2/7/2012 5:35 PM 130008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/26/2010 10:55 PM 1684736]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/15/2011 8:43 AM 79360]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2012 7:51 PM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2010 11:21 AM 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 11:25 PM 356280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/26/2010 11:20 PM 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/1/2012 9:05 PM 40776]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [10/15/2011 8:43 AM 79360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/10/2010 10:58 PM 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
EU3_USB
mbackmonitor
websenseuserservice
BUFADPT
purendis
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 16:21]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 16:21]
.
2012-02-26 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-18 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner.ANONYMOUS\Application Data\Mozilla\Firefox\Profiles\te78xe6u.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-03-02 18:32:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 23:32
ComboFix2.txt 2012-03-02 01:57
ComboFix3.txt 2012-01-10 02:00
.
Pre-Run: 134,713,118,720 bytes free
Post-Run: 134,751,354,880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /safeboot:network
.
- - End Of File - - 319B30933701C0BCDEA3E2926BE65A56
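The CFScript in the previous reply removed services named 68781906, 78491750, 88291404, 84918203 and qqjo, and the ComboFix run above confirms the matching Service_ and Legacy_ keys are gone. As an added example (not ComboFix's own code and not from the original thread), the Python below reads the service section of a ComboFix log, the R0/S1/S2 lines, and flags the traits that make entries like those stand out: all-digit service names, image files ComboFix could not find on disk (the trailing [?]), and binaries living under a profile or Application Data path instead of system32. The sample log mixes four lines copied from the log above with three constructed entries (68781906, qqjo, gfyupd) written to look like the removed services; the page does not show the original lines for those services, so they are illustrations only.

```python
"""Flag suspicious entries in the services section of a ComboFix log.
Added example for this thread; SAMPLE_LOG mixes real lines from the thread
with constructed ones (marked below)."""
import re
from dataclasses import dataclass, field

# ComboFix convention: R = running, S = stopped; the digit is the start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")

# Path fragments that a driver or service binary has no business living under.
USER_WRITABLE_HINTS = (
    "\\documents and settings\\", "\\application data\\",
    "\\temp\\", "\\recycler\\", "\\users\\",
)


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    image_path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_service_line(line: str):
    """Return a ServiceEntry for an R#/S# line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    if "-->" in rest:                       # ComboFix repeats the resolved path after -->
        rest = rest.split("-->", 1)[1].strip()
    file_missing = rest.endswith("[?]")     # ComboFix's marker for "file not found"
    image_path = re.sub(r"\s*\[.*\]$", "", rest)
    return ServiceEntry(state, int(start), name, display, image_path, file_missing)


def flag_service(entry: ServiceEntry) -> list:
    """Heuristics drawn from what the cleanup in this thread targeted."""
    reasons = []
    if entry.name.isdigit():
        reasons.append("service name is all digits")
    if entry.file_missing:
        reasons.append("image file not found on disk")
    low = entry.image_path.lower()
    if any(hint in low for hint in USER_WRITABLE_HINTS):
        reasons.append("image lives in a user-writable profile path")
    return reasons


def audit_services(log_text: str) -> list:
    """Return the flagged entries, each carrying the reasons it was flagged."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        entry.reasons = flag_service(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# First four lines are copied from the ComboFix log in this thread; the last
# three are constructed to resemble the removed services (not real log lines).
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 5:35 PM 340088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2010 3:27 PM 691696]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/26/2010 11:20 PM 20464]
S1 68781906;68781906;c:\windows\system32\drivers\68781906.sys [2/18/2012 4:54 PM 20480]
S3 qqjo;qqjo;c:\windows\system32\drivers\qqjo.sys [?]
S2 gfyupd;gfyupd;c:\documents and settings\All Users.WINDOWS\Application Data\gfy7j1h4inpa\svc.exe [2/18/2012 4:54 PM 77824]
"""

if __name__ == "__main__":
    for e in audit_services(SAMPLE_LOG):
        print(f"{e.state}{e.start_type} {e.name}: {e.image_path}")
        for reason in e.reasons:
            print("   -", reason)
```

The output surfaces candidates, not verdicts: lxde_device is flagged only because ComboFix printed [?] for a path with " -service" appended, and it is a known Lexmark leftover, so every hit still needs a look at the file and the service's registry key before it goes into a Driver:: section. A four-letter random name like qqjo is not caught by the name heuristic on its own (sptd and N360 are legitimate four-character names), which is why the missing-file and profile-path signals are carried alongside it.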

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:03 AM

Posted 02 March 2012 - 09:30 PM

Please tell me how's the computer running after doing the instructions below.


:step1: Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a "Quick Scan".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



:step2: ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#9 farrah7031

farrah7031
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 02 March 2012 - 09:33 PM

Is it OK to run these in safe mode? I can't connect to the internet in normal mode.

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:03 AM

Posted 02 March 2012 - 09:39 PM

OK thanks for letting me know. Please disregard the above instructions and let's first fix the internet issue.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Semp



#11 farrah7031

farrah7031
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 02 March 2012 - 09:46 PM

Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 02-03-2012 at 21:44:49
Running from "C:\Documents and Settings\Owner.ANONYMOUS\Local Settings\Temporary Internet Files\Content.IE5\9S404WQB"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2010-02-10 22:55] - [2010-02-10 22:55] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2010-02-10 22:55] - [2010-02-10 22:55] - 0045568 ____A (Microsoft Corporation) FE120AC2244572B2FA4023B7270E956E

C:\WINDOWS\system32\ipnathlp.dll
[2010-02-10 22:56] - [2010-02-10 22:56] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2012-01-11 19:26] - [2004-08-04 00:56] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2010-06-26 16:45] - [2010-02-10 22:59] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll
[2010-06-26 16:45] - [2010-02-10 22:57] - 0408576 ____A (Microsoft Corporation) F13D1AA04F1F02399EB87F011584B7C0

C:\WINDOWS\system32\es.dll
[2010-02-10 22:55] - [2010-02-10 22:55] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2010-02-10 22:58] - [2010-02-10 22:58] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\rpcss.dll
[2010-02-10 22:57] - [2010-02-10 22:57] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2010-02-10 22:57] - [2010-02-10 22:57] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(6) IPSec(4) irda(9) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****



Sorry, did you want me to run that in safe mode or run it in normal mode?
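
The FSS log above carries the indicators a responder reads first: the firewall switched off by policy in both profiles, Security Center, Windows Update, BITS and EventSystem stopped, BITS moved from Auto to Demand, the LEGACY_wscsvc key gone, and a handful of system binaries for which FSS printed a timestamp/hash line instead of "MD5 is legit". The script below is an added example, not part of this thread and not FSS's own code: it parses those line formats as they appear in the posted log and turns them into review notes. SAMPLE_FSS_LOG is a constructed excerpt of the log above so that the script runs offline; the regexes and the created-after-modified heuristic are my own, not something FSS reports.

```python
"""Triage a Farbar Service Scanner (FSS) log for signs of security-service
and firewall tampering.

Added example for this thread; not part of the forum post and not FSS's
own code. Line formats are taken from the log posted above; SAMPLE_FSS_LOG
is a constructed excerpt of that log so the script runs offline.
"""
import re
from datetime import datetime

SAMPLE_FSS_LOG = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.

File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2012-01-11 19:26] - [2004-08-04 00:56] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\svchost.exe
[2010-02-10 22:58] - [2010-02-10 22:58] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318
"""

# Patterns written against the line formats visible in the posted log.
FIREWALL_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\]$')
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
NOT_RUNNING_RE = re.compile(r'^(\S+) Service is not running\.')
START_TYPE_RE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.')
LEGACY_MISSING_RE = re.compile(r'^Checking LEGACY_(\S+): Attention! Unable to open')
FILE_PATH_RE = re.compile(r'^([A-Za-z]:\\\S.*?)(\s*=> MD5 is legit)?$')
FILE_DETAIL_RE = re.compile(
    r'^\[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - \[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - '
    r'(\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$')


def triage_fss(log_text):
    """Walk the log line by line and collect the tampering indicators."""
    findings = {
        "firewall_disabled_profiles": [],
        "services_not_running": [],
        "start_type_changed": {},          # service -> (current, default)
        "legacy_key_missing": [],
        "files_unverified": [],            # (path, md5) where FSS printed a hash
        "files_newer_created_than_modified": [],
    }
    pending_profile = None  # firewall profile whose EnableFirewall value follows
    pending_file = None     # path whose timestamp/hash detail line follows
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FIREWALL_KEY_RE.match(line)
        if m:
            pending_profile = m.group(1)
            continue
        m = ENABLE_FW_RE.match(line)
        if m and pending_profile:
            if m.group(1) == "0":
                findings["firewall_disabled_profiles"].append(pending_profile)
            pending_profile = None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings["services_not_running"].append(m.group(1))
            continue
        m = START_TYPE_RE.match(line)
        if m:
            findings["start_type_changed"][m.group(1)] = (m.group(2), m.group(3))
            continue
        m = LEGACY_MISSING_RE.match(line)
        if m:
            findings["legacy_key_missing"].append(m.group(1))
            continue
        m = FILE_DETAIL_RE.match(line)
        if m and pending_file:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            findings["files_unverified"].append((pending_file, m.group(6).upper()))
            # Heuristic (mine, not FSS's): a creation time later than the last-
            # modified time means the file was copied into place after it was built.
            if created > modified:
                findings["files_newer_created_than_modified"].append(pending_file)
            pending_file = None
            continue
        m = FILE_PATH_RE.match(line)
        if m:
            pending_file = None if m.group(2) else m.group(1)
    return findings


def summarize(findings):
    """Render the findings as review notes (returned, so they can be asserted on)."""
    notes = []
    for profile in findings["firewall_disabled_profiles"]:
        notes.append(f"Firewall disabled by policy for {profile}")
    for svc in findings["services_not_running"]:
        notes.append(f"Service not running: {svc}")
    for svc, (cur, default) in findings["start_type_changed"].items():
        notes.append(f"Start type of {svc} is {cur}, default is {default}")
    for svc in findings["legacy_key_missing"]:
        notes.append(f"LEGACY_{svc} registry key missing")
    for path, md5 in findings["files_unverified"]:
        notes.append(f"Hash not recognised by FSS, verify manually: {path} {md5}")
    for path in findings["files_newer_created_than_modified"]:
        notes.append(f"Created after last modified, copied into place: {path}")
    return notes


if __name__ == "__main__":
    for note in summarize(triage_fss(SAMPLE_FSS_LOG)):
        print(note)
```

Two caveats when reading the output. A hash FSS does not recognise is a lead, not a verdict: FSS compares against a finite list, so the file still has to be checked against a known-good copy from the same service pack or hotfix level. The created-after-modified check is likewise only a pointer: hotfix installs and SFC restores also produce a file whose creation time is newer than its build time. On the posted log it would single out wscsvc.dll (created 2012-01-11, file dated 2004-08-04, on a system whose other system32 binaries are dated 2010-02-10), which is exactly the file the helper would want compared against a clean copy before drawing any conclusion.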

#12 sempai (Malware Response Team)

Posted 02 March 2012 - 09:52 PM

No, it's OK. Can you please double-check that you can't access the internet in normal mode?

~Semp



#13 farrah7031 (Topic Starter)

Posted 02 March 2012 - 10:05 PM

I can now get to the internet in normal mode, but only with Firefox. I'm resetting all IE settings to see if I can eventually get in that way also.

#14 farrah7031 (Topic Starter)

Posted 02 March 2012 - 10:22 PM

In normal mode I am unable to do the following: reset IE settings, launch Malwarebytes, launch Task Manager, get into Network Connections. I can only right-click the Norton Security Suite once to disable the anti-virus; it will not allow me to right-click it again after that.

#15 sempai (Malware Response Team)

Posted 02 March 2012 - 10:37 PM

OK, please proceed with the MBAM scan and then use Firefox to run a scan with ESET. Post the resulting log afterward. Thanks.

Edited by sempai, 02 March 2012 - 10:38 PM.

~Semp





