TechSpot

Firefox and Google keep redirecting

Solved
By EM0
Feb 18, 2012
  1. Thanks for helping!

    Here are the logs you requested.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.18.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: 0X10K0D30X1X1X0 [administrator]

    Protection: Enabled

    2/17/2012 9:43:12 PM
    mbam-log-2012-02-17 (21-43-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234849
    Time elapsed: 21 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Owner\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Detected: 0
    (No malicious items detected)

    (end)
    =============================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-18 08:56:13
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 ST336032 rev.3.CH
    Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\awlorkob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!WriteFile 75CFABE1 5 Bytes JMP 000C000C
    .text C:\Windows\system32\svchost.exe[836] USER32.dll!WindowFromPoint 76C4884F 5 Bytes JMP 00F1000A
    .text C:\Windows\system32\svchost.exe[836] USER32.dll!GetForegroundWindow 76C532C4 5 Bytes JMP 0112000A
    .text C:\Windows\system32\svchost.exe[836] USER32.dll!GetCursorPos 76C60B88 5 Bytes JMP 009F000A
    .text C:\Windows\system32\svchost.exe[836] ole32.dll!CoCreateInstance 76DF9F3E 5 Bytes JMP 002D000A

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- EOF - GMER 1.0.15 ----

    =========================

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 8:56:37 on 2012-02-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2038 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Users\Owner\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
    mRun: [c:\windows\system32\v0510ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0510Ext.ax
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8} : DhcpNameServer = 65.32.5.111 65.32.5.112
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8gcasubu.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npicaN.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-1-30 744568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
    S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120214.003\IDSvix86.sys [2012-2-14 368248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-1-30 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys [2012-1-30 331384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 652360]
    S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-3 2214504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 20464]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-10 122984]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
    S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-6-17 254080]
    S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-6-17 7424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-17 04:26:36 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
    2012-02-17 02:12:26 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-02-17 02:12:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-17 02:12:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-17 02:12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-17 00:36:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-02-17 00:36:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-02-16 03:01:04 139776 ----a-w- c:\programdata\microsoft\windows\drm\4BCF.tmp
    2012-02-08 03:39:56 -------- d-----w- c:\users\owner\appdata\local\BigHugeEngine
    2012-02-08 03:39:53 -------- d-----w- c:\programdata\EA Core
    2012-02-08 03:39:52 -------- d-----w- c:\programdata\EA Logs
    2012-02-08 03:17:14 -------- d--h--w- c:\program files\common files\EAInstaller
    2012-02-08 02:53:12 -------- d-----w- c:\program files\Origin Games
    2012-02-08 02:44:51 -------- d-----w- c:\users\owner\appdata\roaming\Origin
    2012-02-08 02:44:49 -------- d-----w- c:\users\owner\appdata\local\Origin
    2012-02-08 02:43:20 -------- d-----w- c:\programdata\Origin
    2012-02-08 02:43:20 -------- d-----w- c:\programdata\Electronic Arts
    2012-02-04 21:18:42 -------- d-----w- c:\users\owner\appdata\local\THQ
    2012-02-04 14:45:09 -------- d-----w- c:\users\owner\appdata\roaming\DarknessIIDemo
    2012-01-31 03:17:00 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys
    2012-01-31 03:16:59 744568 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys
    2012-01-31 03:16:59 516216 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys
    2012-01-31 03:16:59 50168 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys
    2012-01-31 03:16:59 340088 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symds.sys
    2012-01-31 03:16:59 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys
    2012-01-31 03:16:59 136312 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys
    2012-01-31 03:16:46 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D
    2012-01-30 00:16:00 -------- d-----w- c:\users\owner\appdata\local\Mozilla
    2012-01-25 00:25:19 -------- d-----w- c:\program files\iPod
    2012-01-25 00:25:16 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2012-01-30 00:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST336032 rev.3.CH -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8741249F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87419738]; MOV EAX, [0x874198ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82E5A912] -> \Device\Harddisk0\DR0[0x87021030]
    3 CLASSPNP[0x807348B3] -> ntkrnlpa!IofCallDriver[0x82E5A912] -> [0x866136C0]
    5 acpi[0x806116BC] -> ntkrnlpa!IofCallDriver[0x82E5A912] -> [0x86613C90]
    \Driver\nvstor32[0x873AE300] -> IRP_MJ_CREATE -> 0x8741249F
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
    detected disk devices:
    \Device\0000005c -> \??\SCSI#Disk&Ven_ST336032&Prod_0AS#4&121cf98f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 8:57:13.63 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/7/2008 7:50:39 PM
    System Uptime: 2/17/2012 11:30:11 PM (9 hours ago)
    .
    Motherboard: ECS | | Nettle3
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 326 GiB total, 53.501 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.268 GiB free.
    E: is FIXED (NTFS) - 335 GiB total, 89.1 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop Lightroom 2.1
    Adobe Reader 9.5.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Video FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Crystal Reports Basic for Visual Studio 2008
    Curse Client
    CyberLink DVD Suite Deluxe
    D3DX10
    DVD Decrypter (Remove Only)
    DVDFab 8.1.3.3 (12/11/2011) Qt Beta
    Enhanced Multimedia Keyboard Solution
    Facebook Plug-In
    Flickr Uploadr 3.2.1
    HandBrake 0.9.5
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 1.99.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.5
    HP Picasso Media Center Add-In
    HP Total Care Advisor
    HP Update
    HPPhotoSmartPhotobookWebPack1
    iCloud
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    Kingdoms of Amalur: Reckoning
    Kingdoms of Amalur: Reckoning Demo
    LabelPrint
    LightScribe System Software 1.10.23.1
    LightScribeTemplateLabeler
    Luminance HDR 2.1.0
    Malwarebytes Anti-Malware version 1.60.1.1000
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Expression Blend 3
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Design 3
    Microsoft Expression Design 4
    Microsoft Expression Encoder 3
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Studio 3
    Microsoft Expression Studio 4
    Microsoft Expression Web 3
    Microsoft Expression Web 3 SP1
    Microsoft Expression Web 4
    Microsoft Expression Web 4 Service Pack 2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Microsoft Works
    Mobile Broadband Drivers
    MobileMe Control Panel
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSDN Library for Visual Studio 2008 - ENU
    MSVCRT
    muvee autoProducer 6.1
    My HP Games
    Norton Internet Security
    NVIDIA 3D Vision Driver 266.58
    NVIDIA Control Panel 275.33
    NVIDIA Drivers
    NVIDIA Graphics Driver 275.33
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    Origin
    PDF Settings
    PeerGuardian 2.0
    Picasa 3
    Power2Go
    PowerDirector
    PSSWCORE
    Python 2.5
    QuickTime
    Realtek High Definition Audio Driver
    Rocketfish 2MP AF Webcam Driver (1.00.06.00)
    Rocketfish Webcam User's Guide
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Segoe UI
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy 1.3
    Steam
    System Requirements Lab
    TeamSpeak 2 RC2
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    VC Runtimes MSI
    Ventrilo Client
    VideoToolkit01
    Vista Codec Package
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VZAccess Manager
    WeatherBug Gadget
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    World of Warcraft
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/17/2012 9:38:24 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    2/17/2012 9:33:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    2/17/2012 11:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl i8042prt IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/17/2012 11:32:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/17/2012 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/17/2012 11:31:46 PM, Error: EventLog [6008] - The previous system shutdown at 11:28:10 PM on 2/17/2012 was unexpected.
    2/17/2012 11:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/17/2012 11:14:52 PM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 PM on 2/17/2012 was unexpected.
    2/16/2012 7:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/16/2012 7:11:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/16/2012 7:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    2/16/2012 7:07:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:02:22 PM on 2/16/2012 was unexpected.
    2/16/2012 7:00:43 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/16/2012 7:00:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
    2/16/2012 6:58:32 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    2/16/2012 6:53:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 i8042prt
    2/14/2012 8:49:43 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    2/14/2012 8:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    2/14/2012 8:19:05 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Any particular reason why DDS was run from safe mode?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. EM0

    EM0 Newcomer, in training Topic Starter

    Thanks for the help on this

    I was in safe mode from the GMER scan which would not run in normal and I also needed to disable devices in safe mode to get it to run.

    Here are the DDS scans again from a regular logon. Below that is the TDSKiller logs.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 18:33:41 on 2012-02-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1709 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\V0510Mon.exe
    C:\WINDOWS\System32\wpcumi.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Owner\AppData\Local\Apps\2.0\2X0M414B.TGA\RKB1QPBO.K3G\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
    mRun: [c:\windows\system32\v0510ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0510Ext.ax
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8} : DhcpNameServer = 65.32.5.111 65.32.5.112
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8gcasubu.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npicaN.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-1-30 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120214.003\IDSvix86.sys [2012-2-14 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-1-30 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys [2012-1-30 331384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 652360]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-3 2214504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 20464]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-10 122984]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
    S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-6-17 254080]
    S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-6-17 7424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-17 04:26:36 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
    2012-02-17 02:12:26 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-02-17 02:12:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-17 02:12:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-17 02:12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-17 00:36:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-02-17 00:36:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-02-16 03:01:04 139776 ----a-w- c:\programdata\microsoft\windows\drm\4BCF.tmp
    2012-02-08 03:39:56 -------- d-----w- c:\users\owner\appdata\local\BigHugeEngine
    2012-02-08 03:39:53 -------- d-----w- c:\programdata\EA Core
    2012-02-08 03:39:52 -------- d-----w- c:\programdata\EA Logs
    2012-02-08 03:17:14 -------- d--h--w- c:\program files\common files\EAInstaller
    2012-02-08 02:53:12 -------- d-----w- c:\program files\Origin Games
    2012-02-08 02:44:51 -------- d-----w- c:\users\owner\appdata\roaming\Origin
    2012-02-08 02:44:49 -------- d-----w- c:\users\owner\appdata\local\Origin
    2012-02-08 02:43:20 -------- d-----w- c:\programdata\Origin
    2012-02-08 02:43:20 -------- d-----w- c:\programdata\Electronic Arts
    2012-02-04 21:18:42 -------- d-----w- c:\users\owner\appdata\local\THQ
    2012-02-04 14:45:09 -------- d-----w- c:\users\owner\appdata\roaming\DarknessIIDemo
    2012-01-31 03:17:00 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys
    2012-01-31 03:16:59 744568 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys
    2012-01-31 03:16:59 516216 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys
    2012-01-31 03:16:59 50168 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys
    2012-01-31 03:16:59 340088 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symds.sys
    2012-01-31 03:16:59 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys
    2012-01-31 03:16:59 136312 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys
    2012-01-31 03:16:46 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D
    2012-01-30 00:16:00 -------- d-----w- c:\users\owner\appdata\local\Mozilla
    2012-01-25 00:25:19 -------- d-----w- c:\program files\iPod
    2012-01-25 00:25:16 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2012-01-30 00:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST336032 rev.3.CH -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8802949F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x88030738]; MOV EAX, [0x880308ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82E90912] -> \Device\Harddisk0\DR0[0x8759A668]
    3 CLASSPNP[0x807378B3] -> ntkrnlpa!IofCallDriver[0x82E90912] -> [0x857D9660]
    5 acpi[0x806146BC] -> ntkrnlpa!IofCallDriver[0x82E90912] -> [0x865FF888]
    \Driver\nvstor32[0x880DF690] -> IRP_MJ_CREATE -> 0x8802949F
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
    detected disk devices:
    \Device\0000005c -> \??\SCSI#Disk&Ven_ST336032&Prod_0AS#4&121cf98f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 18:34:47.55 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/7/2008 7:50:39 PM
    System Uptime: 2/18/2012 6:03:40 PM (0 hours ago)
    .
    Motherboard: ECS | | Nettle3
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 326 GiB total, 50.414 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.268 GiB free.
    E: is FIXED (NTFS) - 335 GiB total, 89.1 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop Lightroom 2.1
    Adobe Reader 9.5.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Video FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Crystal Reports Basic for Visual Studio 2008
    Curse Client
    CyberLink DVD Suite Deluxe
    D3DX10
    DVD Decrypter (Remove Only)
    DVDFab 8.1.3.3 (12/11/2011) Qt Beta
    Enhanced Multimedia Keyboard Solution
    Facebook Plug-In
    Flickr Uploadr 3.2.1
    HandBrake 0.9.5
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 1.99.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.5
    HP Picasso Media Center Add-In
    HP Total Care Advisor
    HP Update
    HPPhotoSmartPhotobookWebPack1
    iCloud
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    Kingdoms of Amalur: Reckoning
    Kingdoms of Amalur: Reckoning Demo
    LabelPrint
    LightScribe System Software 1.10.23.1
    LightScribeTemplateLabeler
    Luminance HDR 2.1.0
    Malwarebytes Anti-Malware version 1.60.1.1000
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Expression Blend 3
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Design 3
    Microsoft Expression Design 4
    Microsoft Expression Encoder 3
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Studio 3
    Microsoft Expression Studio 4
    Microsoft Expression Web 3
    Microsoft Expression Web 3 SP1
    Microsoft Expression Web 4
    Microsoft Expression Web 4 Service Pack 2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Microsoft Works
    Mobile Broadband Drivers
    MobileMe Control Panel
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSDN Library for Visual Studio 2008 - ENU
    MSVCRT
    muvee autoProducer 6.1
    My HP Games
    Norton Internet Security
    NVIDIA 3D Vision Driver 266.58
    NVIDIA Control Panel 275.33
    NVIDIA Drivers
    NVIDIA Graphics Driver 275.33
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    Origin
    PDF Settings
    PeerGuardian 2.0
    Picasa 3
    Power2Go
    PowerDirector
    PSSWCORE
    Python 2.5
    QuickTime
    Realtek High Definition Audio Driver
    Rocketfish 2MP AF Webcam Driver (1.00.06.00)
    Rocketfish Webcam User's Guide
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Segoe UI
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy 1.3
    Steam
    System Requirements Lab
    TeamSpeak 2 RC2
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    VC Runtimes MSI
    Ventrilo Client
    VideoToolkit01
    Vista Codec Package
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VZAccess Manager
    WeatherBug Gadget
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    World of Warcraft
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2012 6:05:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    2/17/2012 9:38:24 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    2/17/2012 11:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl i8042prt IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/17/2012 11:32:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/17/2012 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/17/2012 11:31:46 PM, Error: EventLog [6008] - The previous system shutdown at 11:28:10 PM on 2/17/2012 was unexpected.
    2/17/2012 11:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/17/2012 11:14:52 PM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 PM on 2/17/2012 was unexpected.
    2/16/2012 7:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/16/2012 7:11:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/16/2012 7:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    2/16/2012 7:07:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:02:22 PM on 2/16/2012 was unexpected.
    2/16/2012 7:00:43 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/16/2012 7:00:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
    2/16/2012 6:58:32 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    2/16/2012 6:53:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 i8042prt
    2/14/2012 8:49:43 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    2/14/2012 8:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    2/14/2012 8:19:05 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================



    Thanks again for your help
  4. EM0

    EM0 Newcomer, in training Topic Starter

    Here is the TDSKiller log

    18:39:52.0180 4356 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    18:39:52.0284 4356 ============================================================
    18:39:52.0284 4356 Current date / time: 2012/02/18 18:39:52.0284
    18:39:52.0284 4356 SystemInfo:
    18:39:52.0284 4356
    18:39:52.0284 4356 OS Version: 6.0.6002 ServicePack: 2.0
    18:39:52.0284 4356 Product type: Workstation
    18:39:52.0284 4356 ComputerName: 0X10K0D30X1X1X0
    18:39:52.0284 4356 UserName: Owner
    18:39:52.0284 4356 Windows directory: C:\Windows
    18:39:52.0284 4356 System windows directory: C:\Windows
    18:39:52.0284 4356 Processor architecture: Intel x86
    18:39:52.0284 4356 Number of processors: 4
    18:39:52.0284 4356 Page size: 0x1000
    18:39:52.0285 4356 Boot type: Normal boot
    18:39:52.0285 4356 ============================================================
    18:39:53.0065 4356 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:39:53.0086 4356 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:39:53.0089 4356 \Device\Harddisk0\DR0:
    18:39:53.0098 4356 MBR used
    18:39:53.0098 4356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28C114C2
    18:39:53.0098 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x28C11501, BlocksNum 0x12A14C0
    18:39:53.0098 4356 \Device\Harddisk1\DR1:
    18:39:53.0102 4356 MBR used
    18:39:53.0102 4356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29EB2982
    18:39:53.0175 4356 Initialize success
    18:39:53.0175 4356 ============================================================
    18:42:51.0518 4460 ============================================================
    18:42:51.0518 4460 Scan started
    18:42:51.0518 4460 Mode: Manual;
    18:42:51.0518 4460 ============================================================
    18:42:51.0863 4460 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    18:42:51.0868 4460 ACPI - ok
    18:42:51.0932 4460 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    18:42:51.0938 4460 adp94xx - ok
    18:42:51.0992 4460 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    18:42:51.0996 4460 adpahci - ok
    18:42:52.0037 4460 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    18:42:52.0039 4460 adpu160m - ok
    18:42:52.0086 4460 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    18:42:52.0088 4460 adpu320 - ok
    18:42:52.0184 4460 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    18:42:52.0204 4460 AFD - ok
    18:42:52.0259 4460 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    18:42:52.0260 4460 agp440 - ok
    18:42:52.0295 4460 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    18:42:52.0296 4460 aic78xx - ok
    18:42:52.0323 4460 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    18:42:52.0323 4460 aliide - ok
    18:42:52.0344 4460 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    18:42:52.0345 4460 amdagp - ok
    18:42:52.0380 4460 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    18:42:52.0381 4460 amdide - ok
    18:42:52.0406 4460 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    18:42:52.0407 4460 AmdK7 - ok
    18:42:52.0424 4460 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    18:42:52.0425 4460 AmdK8 - ok
    18:42:52.0457 4460 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    18:42:52.0458 4460 arc - ok
    18:42:52.0486 4460 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    18:42:52.0487 4460 arcsas - ok
    18:42:52.0520 4460 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:42:52.0521 4460 AsyncMac - ok
    18:42:52.0568 4460 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    18:42:52.0569 4460 atapi - ok
    18:42:52.0598 4460 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    18:42:52.0599 4460 Beep - ok
    18:42:52.0780 4460 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
    18:42:52.0814 4460 BHDrvx86 - ok
    18:42:52.0910 4460 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    18:42:52.0911 4460 blbdrive - ok
    18:42:52.0949 4460 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    18:42:52.0950 4460 bowser - ok
    18:42:52.0976 4460 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    18:42:52.0977 4460 BrFiltLo - ok
    18:42:52.0993 4460 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    18:42:52.0994 4460 BrFiltUp - ok
    18:42:53.0021 4460 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    18:42:53.0022 4460 Brserid - ok
    18:42:53.0049 4460 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    18:42:53.0049 4460 BrSerWdm - ok
    18:42:53.0071 4460 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    18:42:53.0072 4460 BrUsbMdm - ok
    18:42:53.0100 4460 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    18:42:53.0101 4460 BrUsbSer - ok
    18:42:53.0127 4460 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    18:42:53.0128 4460 BTHMODEM - ok
    18:42:53.0163 4460 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:42:53.0164 4460 cdfs - ok
    18:42:53.0217 4460 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    18:42:53.0218 4460 cdrom - ok
    18:42:53.0243 4460 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    18:42:53.0244 4460 circlass - ok
    18:42:53.0309 4460 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    18:42:53.0314 4460 CLFS - ok
    18:42:53.0356 4460 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    18:42:53.0357 4460 cmdide - ok
    18:42:53.0378 4460 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    18:42:53.0379 4460 Compbatt - ok
    18:42:53.0392 4460 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    18:42:53.0393 4460 crcdisk - ok
    18:42:53.0413 4460 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    18:42:53.0414 4460 Crusoe - ok
    18:42:53.0478 4460 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    18:42:53.0480 4460 DfsC - ok
    18:42:53.0542 4460 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    18:42:53.0543 4460 disk - ok
    18:42:53.0577 4460 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    18:42:53.0577 4460 drmkaud - ok
    18:42:53.0636 4460 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    18:42:53.0647 4460 DXGKrnl - ok
    18:42:53.0664 4460 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    18:42:53.0665 4460 E1G60 - ok
    18:42:53.0721 4460 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    18:42:53.0723 4460 Ecache - ok
    18:42:53.0788 4460 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:42:53.0795 4460 eeCtrl - ok
    18:42:53.0915 4460 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    18:42:53.0920 4460 elxstor - ok
    18:42:54.0009 4460 EraserUtilRebootDrv - ok
    18:42:54.0084 4460 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    18:42:54.0085 4460 ErrDev - ok
    18:42:54.0158 4460 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    18:42:54.0160 4460 exfat - ok
    18:42:54.0214 4460 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    18:42:54.0216 4460 fastfat - ok
    18:42:54.0247 4460 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    18:42:54.0248 4460 fdc - ok
    18:42:54.0285 4460 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    18:42:54.0286 4460 FileInfo - ok
    18:42:54.0309 4460 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    18:42:54.0309 4460 Filetrace - ok
    18:42:54.0337 4460 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:42:54.0338 4460 flpydisk - ok
    18:42:54.0381 4460 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    18:42:54.0383 4460 FltMgr - ok
    18:42:54.0412 4460 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    18:42:54.0413 4460 Fs_Rec - ok
    18:42:54.0436 4460 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    18:42:54.0437 4460 gagp30kx - ok
    18:42:54.0479 4460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:42:54.0480 4460 GEARAspiWDM - ok
    18:42:54.0548 4460 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    18:42:54.0552 4460 HdAudAddService - ok
    18:42:54.0597 4460 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:42:54.0607 4460 HDAudBus - ok
    18:42:54.0655 4460 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    18:42:54.0656 4460 HidBth - ok
    18:42:54.0673 4460 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    18:42:54.0674 4460 HidIr - ok
    18:42:54.0721 4460 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    18:42:54.0721 4460 HidUsb - ok
    18:42:54.0788 4460 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    18:42:54.0789 4460 HpCISSs - ok
    18:42:54.0850 4460 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
    18:42:54.0910 4460 HSF_DP - ok
    18:42:55.0018 4460 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    18:42:55.0022 4460 HSXHWBS2 - ok
    18:42:55.0088 4460 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    18:42:55.0095 4460 HTTP - ok
    18:42:55.0128 4460 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    18:42:55.0128 4460 i2omp - ok
    18:42:55.0146 4460 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    18:42:55.0147 4460 i8042prt - ok
    18:42:55.0177 4460 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    18:42:55.0181 4460 iaStorV - ok
    18:42:55.0418 4460 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120214.003\IDSvix86.sys
    18:42:55.0424 4460 IDSVix86 - ok
    18:42:55.0512 4460 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    18:42:55.0513 4460 iirsp - ok
    18:42:55.0685 4460 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
    18:42:55.0759 4460 IntcAzAudAddService - ok
    18:42:55.0787 4460 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    18:42:55.0788 4460 intelide - ok
    18:42:55.0853 4460 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    18:42:55.0854 4460 intelppm - ok
    18:42:55.0877 4460 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:42:55.0878 4460 IpFilterDriver - ok
    18:42:55.0912 4460 IpInIp - ok
    18:42:55.0958 4460 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    18:42:55.0959 4460 IPMIDRV - ok
    18:42:56.0003 4460 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    18:42:56.0004 4460 IPNAT - ok
    18:42:56.0036 4460 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    18:42:56.0037 4460 IRENUM - ok
    18:42:56.0061 4460 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    18:42:56.0062 4460 isapnp - ok
    18:42:56.0214 4460 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    18:42:56.0219 4460 iScsiPrt - ok
    18:42:56.0293 4460 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    18:42:56.0294 4460 iteatapi - ok
    18:42:56.0360 4460 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    18:42:56.0361 4460 iteraid - ok
    18:42:56.0417 4460 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:42:56.0417 4460 kbdclass - ok
    18:42:56.0515 4460 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:42:56.0516 4460 kbdhid - ok
    18:42:56.0583 4460 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    18:42:56.0590 4460 KSecDD - ok
    18:42:56.0637 4460 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    18:42:56.0639 4460 lltdio - ok
    18:42:56.0676 4460 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    18:42:56.0677 4460 LSI_FC - ok
    18:42:56.0717 4460 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    18:42:56.0719 4460 LSI_SAS - ok
    18:42:56.0830 4460 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    18:42:56.0832 4460 LSI_SCSI - ok
    18:42:57.0052 4460 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    18:42:57.0054 4460 luafv - ok
    18:42:57.0107 4460 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    18:42:57.0107 4460 MBAMProtector - ok
    18:42:57.0145 4460 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    18:42:57.0146 4460 mdmxsdk - ok
    18:42:57.0178 4460 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    18:42:57.0179 4460 megasas - ok
    18:42:57.0206 4460 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    18:42:57.0211 4460 MegaSR - ok
    18:42:57.0224 4460 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    18:42:57.0225 4460 Modem - ok
    18:42:57.0262 4460 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    18:42:57.0263 4460 monitor - ok
    18:42:57.0297 4460 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    18:42:57.0298 4460 mouclass - ok
    18:42:57.0321 4460 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    18:42:57.0322 4460 mouhid - ok
    18:42:57.0340 4460 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    18:42:57.0341 4460 MountMgr - ok
    18:42:57.0371 4460 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    18:42:57.0374 4460 mpio - ok
    18:42:57.0401 4460 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    18:42:57.0402 4460 mpsdrv - ok
    18:42:57.0428 4460 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    18:42:57.0428 4460 Mraid35x - ok
    18:42:57.0471 4460 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    18:42:57.0473 4460 MRxDAV - ok
    18:42:57.0523 4460 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:42:57.0525 4460 mrxsmb - ok
    18:42:57.0589 4460 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:42:57.0592 4460 mrxsmb10 - ok
    18:42:57.0612 4460 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:42:57.0613 4460 mrxsmb20 - ok
    18:42:57.0653 4460 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    18:42:57.0654 4460 msahci - ok
    18:42:57.0680 4460 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    18:42:57.0682 4460 msdsm - ok
    18:42:57.0712 4460 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    18:42:57.0713 4460 Msfs - ok
    18:42:57.0733 4460 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    18:42:57.0734 4460 msisadrv - ok
    18:42:57.0764 4460 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    18:42:57.0765 4460 MSKSSRV - ok
    18:42:57.0780 4460 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:42:57.0781 4460 MSPCLOCK - ok
    18:42:57.0803 4460 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    18:42:57.0804 4460 MSPQM - ok
    18:42:57.0852 4460 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    18:42:57.0855 4460 MsRPC - ok
    18:42:57.0875 4460 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    18:42:57.0876 4460 mssmbios - ok
    18:42:57.0900 4460 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    18:42:57.0900 4460 MSTEE - ok
    18:42:57.0957 4460 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    18:42:57.0958 4460 Mup - ok
    18:42:58.0006 4460 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    18:42:58.0008 4460 NativeWifiP - ok
    18:42:58.0228 4460 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVENG.SYS
    18:42:58.0231 4460 NAVENG - ok
    18:42:58.0297 4460 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVEX15.SYS
    18:42:58.0347 4460 NAVEX15 - ok
    18:42:58.0452 4460 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    18:42:58.0460 4460 NDIS - ok
    18:42:58.0503 4460 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:42:58.0503 4460 NdisTapi - ok
    18:42:58.0535 4460 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:42:58.0536 4460 Ndisuio - ok
    18:42:58.0577 4460 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:42:58.0579 4460 NdisWan - ok
    18:42:58.0599 4460 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    18:42:58.0600 4460 NDProxy - ok
    18:42:58.0619 4460 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    18:42:58.0620 4460 NetBIOS - ok
    18:42:58.0667 4460 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    18:42:58.0670 4460 netbt - ok
    18:42:58.0721 4460 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    18:42:58.0722 4460 nfrd960 - ok
    18:42:58.0769 4460 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    18:42:58.0769 4460 Npfs - ok
    18:42:58.0825 4460 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    18:42:58.0826 4460 nsiproxy - ok
    18:42:58.0892 4460 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    18:42:58.0945 4460 Ntfs - ok
    18:42:59.0042 4460 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    18:42:59.0043 4460 ntrigdigi - ok
    18:42:59.0064 4460 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    18:42:59.0065 4460 Null - ok
    18:42:59.0123 4460 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    18:42:59.0158 4460 NVENETFD - ok
    18:42:59.0207 4460 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
    18:42:59.0208 4460 NVHDA - ok
    18:42:59.0473 4460 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:42:59.0710 4460 nvlddmkm - ok
    18:42:59.0951 4460 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    18:42:59.0954 4460 nvraid - ok
    18:42:59.0981 4460 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys
    18:42:59.0983 4460 nvrd32 - ok
    18:43:00.0013 4460 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
    18:43:00.0014 4460 nvsmu - ok
    18:43:00.0038 4460 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    18:43:00.0039 4460 nvstor - ok
    18:43:00.0074 4460 nvstor32 (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\drivers\nvstor32.sys
    18:43:00.0075 4460 nvstor32 - ok
    18:43:00.0122 4460 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    18:43:00.0123 4460 nv_agp - ok
    18:43:00.0166 4460 NWADI (67fb86eeb94059177642050718d57460) C:\Windows\system32\DRIVERS\NWADIenum.sys
    18:43:00.0169 4460 NWADI - ok
    18:43:00.0179 4460 NwlnkFlt - ok
    18:43:00.0197 4460 NwlnkFwd - ok
    18:43:00.0245 4460 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbmdm.sys
    18:43:00.0246 4460 NWUSBModem - ok
    18:43:00.0301 4460 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser.sys
    18:43:00.0302 4460 NWUSBPort - ok
    18:43:00.0323 4460 NWUSBPort2 (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser2.sys
    18:43:00.0324 4460 NWUSBPort2 - ok
    18:43:00.0364 4460 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    18:43:00.0365 4460 ohci1394 - ok
    18:43:00.0422 4460 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    18:43:00.0423 4460 Parport - ok
    18:43:00.0488 4460 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    18:43:00.0489 4460 partmgr - ok
    18:43:00.0514 4460 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    18:43:00.0515 4460 Parvdm - ok
    18:43:00.0567 4460 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    18:43:00.0571 4460 pci - ok
    18:43:00.0649 4460 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    18:43:00.0650 4460 pciide - ok
    18:43:00.0743 4460 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    18:43:00.0745 4460 pcmcia - ok
    18:43:00.0806 4460 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    18:43:00.0807 4460 pcouffin - ok
    18:43:00.0874 4460 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    18:43:00.0917 4460 PEAUTH - ok
    18:43:00.0977 4460 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    18:43:00.0978 4460 PptpMiniport - ok
    18:43:00.0998 4460 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    18:43:00.0999 4460 Processor - ok
    18:43:01.0031 4460 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
    18:43:01.0032 4460 Ps2 - ok
    18:43:01.0099 4460 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    18:43:01.0101 4460 PSched - ok
    18:43:01.0136 4460 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    18:43:01.0137 4460 PxHelp20 - ok
    18:43:01.0189 4460 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    18:43:01.0214 4460 ql2300 - ok
    18:43:01.0242 4460 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    18:43:01.0243 4460 ql40xx - ok
    18:43:01.0282 4460 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    18:43:01.0283 4460 QWAVEdrv - ok
    18:43:01.0301 4460 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    18:43:01.0302 4460 RasAcd - ok
    18:43:01.0324 4460 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:43:01.0326 4460 Rasl2tp - ok
    18:43:01.0378 4460 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:43:01.0379 4460 RasPppoe - ok
    18:43:01.0408 4460 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    18:43:01.0409 4460 RasSstp - ok
    18:43:01.0447 4460 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    18:43:01.0451 4460 rdbss - ok
    18:43:01.0479 4460 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:43:01.0480 4460 RDPCDD - ok
    18:43:01.0514 4460 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    18:43:01.0518 4460 rdpdr - ok
    18:43:01.0529 4460 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    18:43:01.0530 4460 RDPENCDD - ok
    18:43:01.0604 4460 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    18:43:01.0606 4460 RDPWD - ok
    18:43:01.0719 4460 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
    18:43:01.0720 4460 RimUsb - ok
    18:43:01.0814 4460 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    18:43:01.0815 4460 rspndr - ok
    18:43:01.0857 4460 RTSTOR (52532a4ca8b251775decc87c4813abfb) C:\Windows\system32\drivers\RTSTOR.SYS
    18:43:01.0858 4460 RTSTOR - ok
    18:43:01.0896 4460 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    18:43:01.0897 4460 sbp2port - ok
    18:43:01.0932 4460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    18:43:01.0932 4460 secdrv - ok
    18:43:01.0962 4460 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    18:43:01.0963 4460 Serenum - ok
    18:43:01.0987 4460 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    18:43:01.0989 4460 Serial - ok
    18:43:02.0017 4460 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    18:43:02.0018 4460 sermouse - ok
    18:43:02.0057 4460 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    18:43:02.0058 4460 sffdisk - ok
    18:43:02.0082 4460 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    18:43:02.0082 4460 sffp_mmc - ok
    18:43:02.0101 4460 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    18:43:02.0102 4460 sffp_sd - ok
    18:43:02.0129 4460 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    18:43:02.0130 4460 sfloppy - ok
    18:43:02.0174 4460 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    18:43:02.0175 4460 sisagp - ok
    18:43:02.0219 4460 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    18:43:02.0220 4460 SiSRaid2 - ok
    18:43:02.0248 4460 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    18:43:02.0249 4460 SiSRaid4 - ok
    18:43:02.0314 4460 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    18:43:02.0315 4460 Smb - ok
    18:43:02.0353 4460 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    18:43:02.0354 4460 spldr - ok
    18:43:02.0462 4460 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS
    18:43:02.0496 4460 SRTSP - ok
    18:43:02.0515 4460 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS
    18:43:02.0517 4460 SRTSPX - ok
    18:43:02.0575 4460 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    18:43:02.0579 4460 srv - ok
    18:43:02.0720 4460 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    18:43:02.0722 4460 srv2 - ok
    18:43:02.0788 4460 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    18:43:02.0790 4460 srvnet - ok
    18:43:02.0844 4460 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    18:43:02.0845 4460 swenum - ok
    18:43:02.0880 4460 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    18:43:02.0881 4460 Symc8xx - ok
    18:43:02.0984 4460 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS
    18:43:02.0990 4460 SymDS - ok
    18:43:03.0024 4460 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS
    18:43:03.0058 4460 SymEFA - ok
    18:43:03.0094 4460 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
    18:43:03.0095 4460 SymEvent - ok
    18:43:03.0105 4460 SYMFW - ok
    18:43:03.0158 4460 SymIM (8d49cdbb93c3e58e1bfc39fb29444c0a) C:\Windows\system32\DRIVERS\SymIMv.sys
    18:43:03.0159 4460 SymIM - ok
    18:43:03.0176 4460 SymIMMP - ok
    18:43:03.0254 4460 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS
    18:43:03.0257 4460 SymIRON - ok
    18:43:03.0266 4460 SYMNDISV - ok
    18:43:03.0312 4460 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS
    18:43:03.0318 4460 SYMTDIv - ok
    18:43:03.0362 4460 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    18:43:03.0363 4460 Sym_hi - ok
    18:43:03.0376 4460 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    18:43:03.0377 4460 Sym_u3 - ok
    18:43:03.0447 4460 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    18:43:03.0473 4460 Tcpip - ok
    18:43:03.0531 4460 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    18:43:03.0538 4460 Tcpip6 - ok
    18:43:03.0583 4460 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    18:43:03.0584 4460 tcpipreg - ok
    18:43:03.0671 4460 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    18:43:03.0672 4460 TDPIPE - ok
    18:43:03.0698 4460 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    18:43:03.0700 4460 TDTCP - ok
    18:43:03.0744 4460 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    18:43:03.0745 4460 tdx - ok
    18:43:03.0784 4460 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    18:43:03.0785 4460 TermDD - ok
    18:43:03.0834 4460 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:43:03.0835 4460 tssecsrv - ok
    18:43:03.0858 4460 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    18:43:03.0859 4460 tunmp - ok
    18:43:03.0901 4460 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    18:43:03.0902 4460 tunnel - ok
    18:43:03.0929 4460 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    18:43:03.0930 4460 uagp35 - ok
    18:43:03.0979 4460 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    18:43:03.0983 4460 udfs - ok
    18:43:04.0022 4460 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    18:43:04.0023 4460 uliagpkx - ok
    18:43:04.0047 4460 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    18:43:04.0050 4460 uliahci - ok
    18:43:04.0071 4460 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    18:43:04.0073 4460 UlSata - ok
    18:43:04.0098 4460 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    18:43:04.0099 4460 ulsata2 - ok
    18:43:04.0126 4460 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    18:43:04.0127 4460 umbus - ok
    18:43:04.0179 4460 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    18:43:04.0180 4460 USBAAPL - ok
    18:43:04.0225 4460 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    18:43:04.0226 4460 usbaudio - ok
    18:43:04.0260 4460 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:43:04.0262 4460 usbccgp - ok
    18:43:04.0292 4460 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    18:43:04.0293 4460 usbcir - ok
    18:43:04.0319 4460 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:43:04.0320 4460 usbehci - ok
    18:43:04.0510 4460 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    18:43:04.0534 4460 usbhub - ok
    18:43:05.0143 4460 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    18:43:05.0144 4460 usbohci - ok
    18:43:05.0217 4460 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    18:43:05.0218 4460 usbprint - ok
    18:43:05.0264 4460 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:43:05.0265 4460 USBSTOR - ok
    18:43:05.0295 4460 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    18:43:05.0296 4460 usbuhci - ok
    18:43:05.0343 4460 V0510Dev (004415a34b5dc881eaefb860c4b22c24) C:\Windows\system32\DRIVERS\V0510Vid.sys
    18:43:05.0346 4460 V0510Dev - ok
    18:43:05.0376 4460 V0510Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\V0510Vfx.sys
    18:43:05.0377 4460 V0510Vfx - ok
    18:43:05.0409 4460 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:43:05.0410 4460 vga - ok
    18:43:05.0433 4460 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    18:43:05.0434 4460 VgaSave - ok
    18:43:05.0460 4460 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    18:43:05.0461 4460 viaagp - ok
    18:43:05.0486 4460 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    18:43:05.0487 4460 ViaC7 - ok
    18:43:05.0512 4460 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    18:43:05.0513 4460 viaide - ok
    18:43:05.0536 4460 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    18:43:05.0537 4460 volmgr - ok
    18:43:05.0586 4460 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    18:43:05.0591 4460 volmgrx - ok
    18:43:05.0618 4460 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    18:43:05.0621 4460 volsnap - ok
    18:43:05.0664 4460 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    18:43:05.0665 4460 vsmraid - ok
    18:43:05.0709 4460 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    18:43:05.0710 4460 WacomPen - ok
    18:43:05.0735 4460 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    18:43:05.0736 4460 Wanarp - ok
    18:43:05.0741 4460 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    18:43:05.0742 4460 Wanarpv6 - ok
    18:43:05.0767 4460 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    18:43:05.0768 4460 Wd - ok
    18:43:05.0806 4460 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    18:43:05.0840 4460 Wdf01000 - ok
    18:43:06.0180 4460 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    18:43:06.0233 4460 winachsf - ok
    18:43:06.0334 4460 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    18:43:06.0335 4460 WmiAcpi - ok
    18:43:06.0418 4460 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    18:43:06.0419 4460 WpdUsb - ok
    18:43:06.0459 4460 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    18:43:06.0459 4460 ws2ifsl - ok
    18:43:06.0514 4460 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:43:06.0515 4460 WUDFRd - ok
    18:43:06.0545 4460 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    18:43:06.0546 4460 XAudio - ok
    18:43:06.0579 4460 MBR (0x1B8) (766c82bd6b3edafcb74f8477cb84fff9) \Device\Harddisk0\DR0
    18:43:06.0601 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:43:06.0601 4460 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:43:06.0622 4460 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
    18:43:06.0625 4460 \Device\Harddisk1\DR1 - ok
    18:43:06.0629 4460 Boot (0x1200) (cbcb2a34a5b3461fd9770d79e2b4b12d) \Device\Harddisk0\DR0\Partition0
    18:43:06.0630 4460 \Device\Harddisk0\DR0\Partition0 - ok
    18:43:06.0659 4460 Boot (0x1200) (fcf9c32a93c7f46df74ea2435b65b557) \Device\Harddisk0\DR0\Partition1
    18:43:06.0660 4460 \Device\Harddisk0\DR0\Partition1 - ok
    18:43:06.0679 4460 Boot (0x1200) (c443fbf89f0ade8b681f0ca478187fbc) \Device\Harddisk1\DR1\Partition0
    18:43:06.0680 4460 \Device\Harddisk1\DR1\Partition0 - ok
    18:43:06.0680 4460 ============================================================
    18:43:06.0680 4460 Scan finished
    18:43:06.0680 4460 ============================================================
    18:43:06.0693 4920 Detected object count: 1
    18:43:06.0693 4920 Actual detected object count: 1
    18:43:21.0194 4920 \Device\Harddisk0\DR0\# - copied to quarantine
    18:43:21.0194 4920 \Device\Harddisk0\DR0 - copied to quarantine
    18:43:21.0221 4920 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    18:43:21.0230 4920 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    18:43:21.0234 4920 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    18:43:21.0240 4920 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    18:43:21.0256 4920 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    18:43:21.0267 4920 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    18:43:21.0275 4920 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    18:43:21.0279 4920 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    18:43:21.0282 4920 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    18:43:21.0285 4920 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    18:43:21.0289 4920 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    18:43:21.0293 4920 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    18:43:21.0320 4920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    18:43:21.0320 4920 \Device\Harddisk0\DR0 - ok
    18:43:21.0839 4920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    18:43:37.0076 6072 Deinitialize success
  5. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Very good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
  6. EM0

    EM0 Newcomer, in training Topic Starter

    Next set of logs!

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-18 20:47:28
    -----------------------------
    20:47:28.181 OS Version: Windows 6.0.6002 Service Pack 2
    20:47:28.181 Number of processors: 4 586 0x202
    20:47:28.184 ComputerName: 0X10K0D30X1X1X0 UserName: Owner
    20:47:32.043 Initialize success
    20:47:42.266 AVAST engine defs: 12021802
    20:47:46.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
    20:47:46.458 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
    20:47:46.462 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005c
    20:47:46.465 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
    20:47:46.632 Disk 0 MBR read successfully
    20:47:46.635 Disk 0 MBR scan
    20:47:46.673 Disk 0 unknown MBR code
    20:47:46.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333858 MB offset 63
    20:47:46.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9538 MB offset 683742465
    20:47:46.848 Disk 0 scanning sectors +703277505
    20:47:47.313 Disk 0 scanning C:\Windows\system32\drivers
    20:48:55.159 Service scanning
    20:48:57.013 Modules scanning
    20:50:15.151 Disk 0 trace - called modules:
    20:50:15.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    20:50:15.217 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8720dac8]
    20:50:15.223 3 CLASSPNP.SYS[807318b3] -> nt!IofCallDriver -> [0x86642ad0]
    20:50:15.229 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\0000005b[0x861bdb18]
    20:50:16.271 AVAST engine scan C:\Windows
    20:51:30.580 AVAST engine scan C:\Windows\system32
    20:55:30.522 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
    21:17:33.752 AVAST engine scan C:\Windows\system32\drivers
    21:21:48.811 AVAST engine scan C:\Users\Owner
    22:30:34.888 Disk 0 MBR has been saved successfully to "C:\Temp\VIRTUAL\FIXIE\MBR.dat"
    22:30:34.891 The log file has been saved successfully to "C:\Temp\VIRTUAL\FIXIE\6b_aswMBR.txt"


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 6
    Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

    Size Device Name MBR Status
    --------------------------------------------
    335 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>

    Done;



    Press any key to quit...
  7. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. EM0

    EM0 Newcomer, in training Topic Starter

    ComboFix logs

    ComboFix 12-02-17.02 - Owner 02/18/2012 23:42:08.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1903 [GMT -5:00]
    Running from: c:\temp\VIRTUAL\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\html
    c:\windows\system32\html\calendar.html
    c:\windows\system32\html\calendarbottom.html
    c:\windows\system32\html\calendartop.html
    c:\windows\system32\html\crystalexportdialog.htm
    c:\windows\system32\html\crystalprinthost.html
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-19 00:55 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1A882FD-D70F-445D-A3DB-07285F2D86B9}\mpengine.dll
    2012-02-18 23:43 . 2012-02-18 23:43 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-17 04:26 . 2012-02-17 05:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-17 02:12 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-17 00:36 . 2012-02-18 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-02-17 00:36 . 2012-02-17 00:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-02-16 03:01 . 2012-02-16 03:00 139776 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BCF.tmp
    2012-02-08 03:39 . 2012-02-08 03:39 -------- d-----w- c:\users\Owner\AppData\Local\BigHugeEngine
    2012-02-08 03:39 . 2012-02-08 03:39 -------- d-----w- c:\programdata\EA Core
    2012-02-08 03:39 . 2012-02-15 05:10 -------- d-----w- c:\programdata\EA Logs
    2012-02-08 03:17 . 2012-02-08 03:17 -------- d--h--w- c:\program files\Common Files\EAInstaller
    2012-02-08 02:53 . 2012-02-08 02:53 -------- d-----w- c:\program files\Origin Games
    2012-02-08 02:44 . 2012-02-08 02:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Origin
    2012-02-08 02:44 . 2012-02-08 02:44 -------- d-----w- c:\users\Owner\AppData\Local\Origin
    2012-02-08 02:43 . 2012-02-08 03:39 -------- d-----w- c:\programdata\Electronic Arts
    2012-02-08 02:43 . 2012-02-08 03:38 -------- d-----w- c:\programdata\Origin
    2012-02-04 21:18 . 2012-02-04 21:18 -------- d-----w- c:\users\Owner\AppData\Local\THQ
    2012-02-04 14:45 . 2012-02-04 21:18 -------- d-----w- c:\users\Owner\AppData\Roaming\DarknessIIDemo
    2012-01-31 03:16 . 2012-02-02 02:21 -------- d-----w- c:\windows\system32\drivers\NIS\1207000.00D
    2012-01-30 00:16 . 2012-01-30 00:16 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
    2012-01-25 00:25 . 2012-01-25 00:25 -------- d-----w- c:\program files\iPod
    2012-01-25 00:25 . 2012-01-25 00:26 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-30 00:18 . 2011-05-16 22:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-29 10:10 . 2010-03-09 15:19 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-25 15:59 . 2012-01-11 01:38 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37 . 2011-12-14 01:38 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-21 07:24 . 2012-01-30 00:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 1038336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c:\windows\system32\V0510Ext.ax"="c:\windows\system32\V0510Ext.ax" [X]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-11-16 44168]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-3-1 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NIS
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
    - c:\program files\Norton Internet Security\Engine\18.7.0.13\navw32.exe [2012-01-31 23:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8gcasubu.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
    AddRemove-HijackThis - g:\backup\_DOWNLOADS\hijackthis\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-18 23:56
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-19 00:01:07
    ComboFix-quarantined-files.txt 2012-02-19 05:01
    .
    Pre-Run: 53,942,681,600 bytes free
    Post-Run: 53,620,391,936 bytes free
    .
    - - End Of File - - 6250FC3A4F46461C7F9A3DED01F5DF81
  9. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. EM0

    EM0 Newcomer, in training Topic Starter

    OTL logs

    OTL logfile created on: 2/19/2012 12:35:11 AM - Run 1
    OTL by OldTimer - Version 3.2.33.0 Folder = C:\VIRTUAL
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.25% Memory free
    6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 326.03 Gb Total Space | 49.97 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
    Drive D: | 9.32 Gb Total Space | 1.27 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 89.10 Gb Free Space | 26.57% Space Free | Partition Type: NTFS

    Computer Name: 0X10K0D30X1X1X0 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/19 00:29:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\VIRTUAL\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2011/05/21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
    PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
    PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/06 20:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0510Mon.exe
    PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/02/14 20:18:18 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
    SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/11/18 19:36:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/18 19:56:18 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.036\navex15.sys -- (NAVEX15)
    DRV - [2012/02/18 19:56:18 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/18 19:56:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.036\naveng.sys -- (NAVENG)
    DRV - [2012/02/03 22:28:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/12/15 18:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120217.003\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/05/09 18:28:54 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/30 22:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS -- (SymIRON)
    DRV - [2010/11/11 18:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2008/04/07 20:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\V0510Vid.sys -- (V0510Dev)
    DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/03/05 05:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
    DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 21:23:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2 [2012/02/18 23:30:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/29 19:15:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/09/11 08:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2011/09/11 08:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
    [2012/01/29 19:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/18 23:56:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [C:\Windows\system32\V0510Ext.ax] C:\WINDOWS\System32\V0510Ext.ax (Creative Technology Ltd.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [V0510Mon.exe] C:\WINDOWS\V0510Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\..Trusted Ranges: Range1 ([http] in )
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img10.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img10.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/19 19:56:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/19 00:33:24 | 000,000,000 | ---D | C] -- C:\VIRTUAL
    [2012/02/19 00:01:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/19 00:01:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/19 00:01:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/02/18 23:38:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/18 23:38:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/18 23:38:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/18 23:38:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/18 23:34:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/18 18:43:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/16 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
    [2012/02/16 23:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/02/16 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2012/02/16 21:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/16 21:12:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/16 21:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/16 21:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/16 19:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/02/16 19:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/02/16 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/02/07 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
    [2012/02/07 22:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
    [2012/02/07 22:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
    [2012/02/07 22:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
    [2012/02/07 22:17:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
    [2012/02/07 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
    [2012/02/07 21:44:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
    [2012/02/07 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Origin
    [2012/02/07 21:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    [2012/02/07 21:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
    [2012/02/07 21:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2012/02/04 16:36:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
    [2012/02/04 16:18:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\THQ
    [2012/02/04 09:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DarknessIIDemo
    [2012/01/29 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
    [2012/01/29 19:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/01/24 19:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/24 19:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/24 19:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/01/19 13:32:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/02/18 23:56:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/18 23:32:54 | 000,716,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/18 23:32:54 | 000,144,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/18 23:26:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 23:26:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 23:26:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/18 23:25:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/18 19:40:06 | 002,413,800 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\Cat.DB
    [2012/02/18 09:29:04 | 000,002,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2012/02/17 23:30:30 | 175,842,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/17 21:33:08 | 001,762,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/14 23:02:39 | 000,002,633 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2012/02/14 20:15:07 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
    [2012/02/09 22:01:44 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
    [2012/02/07 21:46:51 | 000,000,634 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
    [2012/02/04 16:47:24 | 000,174,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/01 21:23:14 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/01/30 18:58:36 | 000,002,631 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2012/01/29 19:15:57 | 000,000,872 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/29 19:15:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/27 23:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\isolate.ini
    [2012/01/24 19:26:53 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/21 12:52:44 | 000,198,090 | ---- | M] () -- C:\Users\Owner\TaxReturn20011.pdf

    ========== Files Created - No Company Name ==========

    [2012/02/18 23:38:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/18 23:38:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/18 23:38:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/18 23:38:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/18 23:38:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/18 18:04:10 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/07 22:17:19 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
    [2012/02/07 21:43:29 | 000,000,634 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
    [2012/01/29 19:15:57 | 000,000,872 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/29 19:15:56 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/01/29 19:15:56 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/24 19:26:53 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/21 12:52:44 | 000,198,090 | ---- | C] () -- C:\Users\Owner\TaxReturn20011.pdf
    [2010/10/27 18:40:43 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/01/19 13:32:33 | 000,087,608 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
    [2009/01/19 13:32:33 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
    [2009/01/19 13:32:33 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
    [2008/12/31 10:00:22 | 000,002,032 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2008/09/13 19:29:07 | 000,174,080 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2012/02/17 00:05:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
    [2010/10/06 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
    [2010/07/10 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
    [2012/01/19 07:13:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BigHugeEngine
    [2012/02/04 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DarknessIIDemo
    [2011/11/12 22:29:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
    [2010/03/15 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
    [2011/09/11 08:59:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flickr
    [2010/02/25 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
    [2011/09/21 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
    [2009/01/26 01:40:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
    [2011/11/13 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MoveFab
    [2011/09/20 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozenda
    [2010/07/10 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2012/02/07 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
    [2011/02/06 08:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT
    [2009/01/14 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
    [2008/08/07 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish
    [2010/02/25 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2011/11/12 22:28:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso
    [2008/08/13 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
    [2011/05/27 09:57:16 | 000,000,000 | ---D | M] -- C:\Users\Tabitha\AppData\Roaming\Snapfish
    [2012/02/18 19:31:24 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/02/19 19:56:37 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/19 19:31:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/02/19 00:01:07 | 000,012,141 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/18 23:25:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/16 19:17:14 | 000,009,995 | ---- | M] () -- C:\hijackthis.log
    [2008/08/31 09:18:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/20 17:34:12 | 000,001,652 | ---- | M] () -- C:\MOV.ASC
    [2008/08/31 09:18:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/18 23:25:31 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/13 18:00:18 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log
    [2012/02/18 18:50:52 | 000,079,438 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_18.02.2012_18.49.52_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/07 07:46:59 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD78.DLL
    [2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP78.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/24 09:48:21 | 000,000,403 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/02/10 19:36:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/02/10 19:36:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/08/07 16:03:36 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/02/19 19:47:57 | 000,000,342 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B

    < End of report >
  11. EM0

    EM0 Newcomer, in training Topic Starter

    OTL Extras

    OTL Extras logfile created on: 2/19/2012 12:35:11 AM - Run 1
    OTL by OldTimer - Version 3.2.33.0 Folder = C:\VIRTUAL
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.25% Memory free
    6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 326.03 Gb Total Space | 49.97 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
    Drive D: | 9.32 Gb Total Space | 1.27 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 89.10 Gb Free Space | 26.57% Space Free | Partition Type: NTFS

    Computer Name: 0X10K0D30X1X1X0 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06F7B6D2-703F-485C-9FA1-45BD07C4652C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{18CEBAB3-31FC-43DB-ABB9-E7DAB707F908}" = lport=445 | protocol=6 | dir=in | app=system |
    "{231D0F82-3A64-4D37-B80F-81534ADBEB6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{368A125B-B770-4C24-B6A4-307272C88CCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{46786329-EDE5-4E1A-8399-3AD9D074D304}" = rport=445 | protocol=6 | dir=out | app=system |
    "{51527792-034A-4A72-8DA4-5F1B6DB695AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{75FF78DD-74A4-4928-A6E2-B430925CA708}" = rport=137 | protocol=17 | dir=out | app=system |
    "{86FA0681-8A62-465B-A901-E5D343E04AA0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{974F47E3-CBA2-4AD6-826C-F149B9F538E1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9E60E27C-0E2B-4DC7-9D07-B6D40FEC1C2B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{9F6BB57F-1C2F-4C9B-9DF1-9850582F1E0B}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{A4C39FFB-DCE5-4763-9192-BABF6C81F067}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D466A900-A013-45A6-80F1-708ABD0B3A2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{E2AD2E86-8BE9-449F-8E61-7866E104DDA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E5040689-676B-4156-9612-3E8549D80EEB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E9B66399-016B-4F9E-857B-A1F47E46E1E0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{EADC43C1-55AF-490F-A207-86EF2EF6D91D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{032313A4-AEAE-47FF-8459-1EBCB3C8E1A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1060B14D-692C-44AD-94D2-F45CB511990B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{10F1A243-9995-4EA6-986E-8560655BB074}" = protocol=17 | dir=in | app=c:\gamez\orgin games\kingdoms of amalur reckoning\reckoning.exe |
    "{20B72DEB-7FEC-4BB6-AED2-69D63AA92D59}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{2236304A-D432-4AEB-A1A5-9FF5FB3BBC51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{29D8C374-CE70-470A-8CEF-C4AAFDCA69FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2DD46781-3797-4648-82F6-26D2E95C1A47}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{3DCEE7FD-EB49-4FE8-A829-B6CD712E32AC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{3FD8E052-3785-4A7B-A6DB-4BF0262367C4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{6046CE11-7BD0-41E2-8925-87B4CD26DBD4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{6CFB4C96-84F0-4591-9964-350515339729}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{76F3C1F3-9F47-47E6-B63B-3DF5607A0530}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{788B4025-04A0-4AE5-BCC4-67A6F0437F41}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{7B0C7580-4A4C-4400-903E-1CC4BBA00C90}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{8B71DB8A-03A1-4F54-8BAB-B3293392CB3F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{A5D80019-6EAE-4C1B-85BD-4220E8385E31}" = protocol=6 | dir=in | app=c:\gamez\orgin games\kingdoms of amalur reckoning\reckoning.exe |
    "{A80DAEDF-F300-411B-9A2E-470C446A6BFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{A88B9983-67C5-4B49-A2F4-ADF571DB6A95}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{AA8EAC7C-B57A-45FF-99F6-D78EFB821FEF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BDB4DF9C-3706-4B28-B583-6B50AE48ADD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{DCAFECE2-5516-4E6E-B638-4A5F0ED5F9E2}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{DD38007A-2ACC-48D5-A012-BA11A6CC0DE8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{DF36C9AF-3F13-461A-8CF3-409C1B962B1F}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{F9705255-D8BE-4A86-81A5-5E30368B3BBD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FA667155-4675-43C3-AF8C-91F07316A628}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "TCP Query User{42AFE477-8E16-4C0A-A69D-2997CD8B7719}C:\gamez\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\launcher.exe |
    "TCP Query User{551B7168-C8D4-4430-8250-573A71F70564}C:\gamez\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{67190493-D429-44EB-8D1D-001873C832C7}C:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "TCP Query User{84EFCDE1-3166-4893-922A-9B6109DA1C48}C:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "TCP Query User{E2A84AB2-4A21-40E2-979B-73BE26E8378B}C:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "TCP Query User{E4D7CB08-BFF8-4CEE-9B1F-4745DFD828B9}C:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
    "UDP Query User{36EB5766-0A75-439D-AA0F-2CF68777BD15}C:\gamez\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{60AA083E-DA09-4C03-B46B-5CBAA6427BE2}C:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "UDP Query User{88322112-4E82-43A8-AC46-05694CA83FB7}C:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "UDP Query User{A378E5FF-1428-4C80-B70D-EAFDFF8C8584}C:\gamez\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\launcher.exe |
    "UDP Query User{AE237C79-87DD-4813-8427-DD7998B79E4C}C:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "UDP Query User{B6B3E34E-0F07-41D3-9DC4-105B8C6C5B66}C:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
    "{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
    "{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
    "{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.1.0
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Blend_3.0.1927.0" = Microsoft Expression Blend 3
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Design_6.0.1739.0" = Microsoft Expression Design 3
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDFab 8 Qt_is1" = DVDFab 8.1.3.3 (12/11/2011) Qt Beta
    "Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "HandBrake" = HandBrake 0.9.5
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "Origin" = Origin
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Picasa 3" = Picasa 3
    "Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
    "Rocketfish Webcam User's Guide" = Rocketfish Webcam User's Guide
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
    "Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VZAccess Manager" = VZAccess Manager
    "Web_3.0.3813.0" = Microsoft Expression Web 3
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Facebook Plug-In" = Facebook Plug-In
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/18/2012 7:46:54 PM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
    Description =

    Error - 2/18/2012 8:34:20 PM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
    Description =

    Error - 2/18/2012 8:42:57 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
    Description =

    Error - 2/18/2012 8:42:57 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
    Description =

    Error - 2/18/2012 8:42:58 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
    Description =

    Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
    Description =

    Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1005
    Description =

    Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1018
    Description =

    Error - 2/18/2012 8:43:06 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
    Description =

    Error - 2/19/2012 12:27:02 AM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/19/2012 12:22:17 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/19/2012 12:26:33 AM | Computer Name = 0x10k0d30x1x1x0 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:23:39 PM on 2/18/2012 was unexpected.

    Error - 2/19/2012 12:27:02 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/19/2012 12:40:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/19/2012 12:40:54 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/19/2012 12:49:51 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/19/2012 12:56:13 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    I can't proceed since you didn't answer my question:
    [​IMG]
  13. EM0

    EM0 Newcomer, in training Topic Starter

    Oops

    Sorry I missed that question more worried with following the directions.

    Other than everything seeming really slow I am not getting redirected at this point. Pages are taking a long time to load on that computer but pop up on this one.

    Thanks again for your help with this.
  14. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    Does the slowness affect a browser only?
    If so, which browser?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\..Trusted Ranges: Range1 ([http] in )
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/10/06 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
      [2010/07/10 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  15. EM0

    EM0 Newcomer, in training Topic Starter

    Working on other logs.

    Appears to be FireFox more than IE in the few sites I tried just now after a reboot.

    Thanks again and I am working on the other suggestions.
  16. EM0

    EM0 Newcomer, in training Topic Starter

    New OTL scan

    All processes killed
    ========== OTL ==========
    Registry key HKU.DEFAULTSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKU.DEFAULT..Trusted Ranges Range1 not found.
    Registry key HKUS-1-5-18SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-18..Trusted Ranges Range1 not found.
    Registry key HKUS-1-5-21-3217977271-4127519066-1456135028-1000SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-21-3217977271-4127519066-1456135028-1000..Trusted Ranges Range1 not found.
    Registry key HKUS-1-5-21-3217977271-4127519066-1456135028-1006SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-21-3217977271-4127519066-1456135028-1006..Trusted Ranges Range1 not found.
    Starting removal of ActiveX control O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Folder CUsersOwnerAppDataRoamingAVG10\ not found.
    Folder CUsersOwnerAppDataRoamingAVG9\ not found.
    Unable to delete ADS Alternate Data Stream - 144 bytes - CProgramDataTEMP07BF512B .
    File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] not found.
    File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus] not found.
    File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall] not found.
    File rity] not found.
    File ptytemp] not found.
    File ptyjava] not found.
    File ptyflash] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.33.0 log created on 02192012_140248

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  17. EM0

    EM0 Newcomer, in training Topic Starter

    I think these all of the logs you requested

    If I missed anything let me know and I will grab it for you off the key. Is it safe yet to backup my data to a removeable drive without taking a chance of infecting another system I might hook it up too?

    Thanks again for all your help.


    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Spybot - Search & Destroy 1.3
    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````




    Farbar Service Scanner Version: 14-02-2012
    Ran by Owner (administrator) on 19-02-2012 at 14:32:16
    Running from "C:\VIRTUAL"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****



    C:\TDSSKiller_Quarantine\18.02.2012_18.39.52\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
  18. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    At this point yes.

    Uninstall Java(TM) SE Runtime Environment 6 Update 1

    ===============================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  19. Broni

    Broni Malware Annihilator Posts: 46,492   +252

    The issue seems to be resolved.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.