Have the redirect malware, cannot find it with scans/removers

Solved
By VarusTech
Nov 12, 2011
  1. Hello,

    I have unfortunately gotten the redirect malware on my computer. The first symptoms began showing yesterday. Since then, I've taken several (and clumsy) approaches to removing it. I have Norton 360 and it informed me yesterday that a restart was needed to finish removing a security threat.

    Since the restart I cannot open it, not even with Task Manager's "New Task" option. I downloaded Malwarebytes' Anti-Malware and scanned my computer, but no dice. I also ran TDSSKiller.exe three times, to no avail. I tried scans with Spyware Doctor and SUPERAntiSpyware, but they only removed a hundred or so tracking cookies.

    These are the only steps I have taken to remedy the problem thus far besides leaving a few details at the "dedicated 2 viruses" website and posting here. I am thankful for any advice or details to help solve this issue.
  2. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    MBAM and GMER logs

    Here are the Malwarebytes and GMER logs. I was not able to download the DDS program from the link provided in the 5-step thread; all I get is a page with the address "about:blank" and nothing happens. Anyway, here are the other two logs:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    11/12/2011 11:11:39 PM
    mbam-log-2011-11-12 (23-11-39).txt

    Scan type: Quick scan
    Objects scanned: 202809
    Time elapsed: 20 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-13 08:48:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120814A rev.3.AAJ
    Running: 8zhc3pzz.exe; Driver: C:\DOCUME~1\Daniel\LOCALS~1\Temp\uwroykow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89941EF8 ZwAlertResumeThread
    SSDT 8993A7E8 ZwAlertThread
    SSDT 898D30F0 ZwAllocateVirtualMemory
    SSDT 898F1038 ZwAssignProcessToJobObject
    SSDT 898DAAA8 ZwConnectPort
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0x8A319D3E]
    SSDT 89791F38 ZwCreateMutant
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A2E8C0C]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A2E8ED4]
    SSDT 891402A8 ZwCreateSymbolicLinkObject
    SSDT 89829ED8 ZwCreateThread
    SSDT 8991B618 ZwDebugActiveProcess
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0x8A31A638]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0x8A31A950]
    SSDT 89902B90 ZwDuplicateObject
    SSDT 8986B718 ZwFreeVirtualMemory
    SSDT 89916888 ZwImpersonateAnonymousToken
    SSDT 89BC4008 ZwImpersonateThread
    SSDT 89940E50 ZwLoadDriver
    SSDT 8984BEE0 ZwMapViewOfSection
    SSDT 89918418 ZwOpenEvent
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0x8A318EC2]
    SSDT 89BE3008 ZwOpenProcess
    SSDT 897B6F30 ZwOpenProcessToken
    SSDT 8991A9A8 ZwOpenSection
    SSDT 89919060 ZwOpenThread
    SSDT 8931A468 ZwProtectVirtualMemory
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0x8A31AE1A]
    SSDT 89966978 ZwResumeThread
    SSDT 897B4FD0 ZwSetContextThread
    SSDT 897E2EB8 ZwSetInformationProcess
    SSDT 8991AFD0 ZwSetSystemInformation
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0x8A31A09E]
    SSDT 89919738 ZwSuspendProcess
    SSDT 8993E370 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x8B47D640]
    SSDT 897B34B8 ZwTerminateThread
    SSDT 897B6CF0 ZwUnmapViewOfSection
    SSDT 89886A38 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BEE380, 0x8D6CD5, 0xE8000020]
    .PAGE1 C:\WINDOWS\System32\DRIVERS\redbook.sys unknown last section [0xB78C2A00, 0x100, 0xC0000040]
    ? C:\WINDOWS\System32\DRIVERS\redbook.sys suspicious PE modification
    ? C:\DOCUME~1\Daniel\LOCALS~1\Temp\pcttProtect32.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[384] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 049500B3
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 04950502
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 049502E0
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0495044C
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 049505B8
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 04950396
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 0495072C
    .text C:\Program Files\Internet Explorer\iexplore.exe[384] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 04950672
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 062C00B3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 062C0502
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 062C02E0
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 062C044C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 062C05B8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 062C0396
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 062C072C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2208] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 062C0672
    .text C:\Program Files\Axantum\AxCrypt\AxCrypt.exe[2732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
    .text C:\WINDOWS\system32\igfxsrvc.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01210001
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AC0001
    .text C:\WINDOWS\system32\RunDLL32.exe[3352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015C0001
    .text C:\WINDOWS\Explorer.EXE[3444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09750001
    .text ...
    .text C:\WINDOWS\system32\svchost.exe[5492] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\PCToolsProtectInjDrv \Device\PCToolsProtectInjDrv pcttProtect32.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B8555000-B855E000 (36864 bytes)
    Module (noname) (*** hidden *** ) F7657000-F7665000 (57344 bytes)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:128] B85593E0
    Thread System [4:132] B85593E0
    Thread System [4:136] 8980C330
    Thread System [4:140] 8980C330

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\CAGPQ76D.txt 2411 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAIV6FS9.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAOXNPKR.txt 5647 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAS6OCJU.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAYRGARD.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAYZST2B.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAZ1MUQ7.txt 2909 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAZIB9AD.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAL4WQJR.txt 423 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CAEFCHM7.txt 126 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\47c5424c-0c01-43f8-a898-8917f4f17ee8[1].htm 761 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\btr[1].css 49143 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\shares[1].json 105 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\iframe[1].htm 469 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\CAKZWRYJ.php 2510 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\glamadapt_jsrv[1].act 2784 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-arrow[2].png 155 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-email[1].png 1589 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-twitter[1].png 1649 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\sprite1[1].png 117393 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\CACJL3F5.gif 35 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\decide[1].php 46 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222 0 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\L\akygdmgo 57600 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\loader.tlb 2632 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@00000001 45968 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000c0 3072 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000cb 3072 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000cf 1536 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@80000000 23040 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000c0 35840 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000cb 23040 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000cf 29184 bytes
    File C:\WINDOWS\$NtUninstallKB63947$\949474658 0 bytes

    ---- EOF - GMER 1.0.15 ----
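The GMER log above is mostly noise from the security products on the machine (PC Tools, SUPERAntiSpyware and Symantec all hook the SSDT, the TCP/IP stack or user-mode APIs by design), so the useful first pass is to separate what GMER could attribute to a named driver from what it could not, and to link the hidden modules to the System threads running out of them. The Python script below is an added example, not something from this thread or from the GMER project: it parses the GMER 1.0.15 section layout as shown in the post (SSDT lines, Kernel code sections, User code sections, Modules, Threads) and returns those groupings. The sample log inside it is constructed, trimmed to the format of the log posted above; the regular expressions and section names are assumptions about that format and would need adjusting for other GMER versions. The output is triage, not a verdict: a bare-address SSDT hook or a hidden module still has to be judged against what is legitimately installed.

```python
import re

# Constructed sample: a trimmed log in the GMER 1.0.15 format posted in this thread
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 89941EF8 ZwAlertResumeThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0x8A319D3E]
SSDT 89BE3008 ZwOpenProcess
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x8B47D640]

---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BEE380, 0x8D6CD5, 0xE8000020]
.PAGE1 C:\WINDOWS\System32\DRIVERS\redbook.sys unknown last section [0xB78C2A00, 0x100, 0xC0000040]
? C:\WINDOWS\System32\DRIVERS\redbook.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[384] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 049500B3
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text ...
.text C:\WINDOWS\system32\svchost.exe[5492] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}

---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) B8555000-B855E000 (36864 bytes)
Module (noname) (*** hidden *** ) F7657000-F7665000 (57344 bytes)

---- Threads - GMER 1.0.15 ----
Thread System [4:128] B85593E0
Thread System [4:136] 8980C330

---- EOF - GMER 1.0.15 ----
"""

# Assumed line shapes, taken from the GMER 1.0.15 output above
SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT (.+?) (?:\((.*?)\) )?(Zw\w+)(?: \[0x([0-9A-F]+)\])?$")
ADDR_RE = re.compile(r"[0-9A-F]{8}")
USER_RE = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+?)!(\S+)(?: \+ [0-9A-F]+)? ([0-9A-F]{8}) (\d+) Bytes (.*)$")
HIDDEN_RE = re.compile(r"^Module \(noname\) \(\*\*\* hidden \*\*\* \) ([0-9A-F]{8})-([0-9A-F]{8})")
THREAD_RE = re.compile(r"^Thread (\S+) \[(\d+):(\d+)\] ([0-9A-F]{8})")


def triage_gmer(log):
    """Split a GMER log into the groups an analyst reads first."""
    f = {"unattributed_ssdt": [], "attributed_ssdt": [], "kernel_pe_anomalies": [],
         "user_hooks": [], "inline_patches": [], "hidden_modules": [],
         "threads_in_hidden_modules": []}
    threads, section = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section == "System":
            m = SSDT_RE.match(line)
            if m:
                target, desc, func, _handler = m.groups()
                if ADDR_RE.fullmatch(target):   # hook at a bare kernel address GMER could not map to a driver
                    f["unattributed_ssdt"].append((func, target))
                else:                            # hook owned by a named driver, with GMER's description string
                    f["attributed_ssdt"].append((func, target.rsplit("\\", 1)[-1], desc))
        elif section == "Kernel code sections":
            if not line.endswith("!"):           # "cannot find the file" notices end with "!" and are not anomalies
                f["kernel_pe_anomalies"].append(line)
        elif section == "User code sections":
            m = USER_RE.match(line)
            if m:                                 # GMER's own ".text ..." elision line does not match
                proc, pid, dll, func, _addr, _n, detail = m.groups()
                entry = {"process": proc.rsplit("\\", 1)[-1], "pid": int(pid),
                         "api": dll + "!" + func, "detail": detail}
                key = "user_hooks" if detail.startswith(("JMP ", "CALL ")) else "inline_patches"
                f[key].append(entry)             # JMP/CALL redirect vs. bytes patched in place
        elif section == "Modules":
            m = HIDDEN_RE.match(line)
            if m:
                f["hidden_modules"].append((int(m.group(1), 16), int(m.group(2), 16)))
        elif section == "Threads":
            m = THREAD_RE.match(line)
            if m:
                threads.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4), 16)))
    # A thread whose start address lies inside a hidden module is code that module is running.
    for owner, pid, tid, start in threads:
        for lo, hi in f["hidden_modules"]:
            if lo <= start < hi:
                f["threads_in_hidden_modules"].append(
                    (owner, pid, tid, "%08X" % start, "%08X-%08X" % (lo, hi)))
    return f
```

On a real log, call `triage_gmer(open("gmer.log", errors="replace").read())`. On the sample, two SSDT entries point at bare kernel addresses, two modules are hidden, and the System thread starting at B85593E0 lies inside the first hidden module's range; that correlation is the item an analyst would raise first, ahead of the vendor-attributed hooks.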
  3. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Are you able to run DDS?
  4. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Hello,

    I cannot download DDS from the link provided in the "5-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread. When I click on the link, I get a new window named "Untitled" and with the address "about:blank". Is there another link that I can get it from?
  5. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
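A TDSSKiller report runs to several hundred lines and almost all of them end in "- ok". The Python script below is an added example, not part of this thread or of Kaspersky's tool: it parses a TDSSKiller 2.6-style report into a per-service table (name, path, md5, final status) and pulls out the "Suspicious file (Forged)" lines together with the warning/detected lines that follow them. A Forged entry means TDSSKiller obtained two different hashes for the same path through two different read paths (the "Real md5" and "Fake md5" in the report); a mismatch means something between the application and the disk is changing what the file looks like, which is exactly what a file-hiding rootkit does. The sample report embedded in the script is constructed in the format of the report posted later in this thread; the regular expressions are assumptions about that format, and entries that appear only as "name - ok" with no preceding file line are services for which the report lists no file to hash.

```python
import re

# Constructed sample in the format of the TDSSKiller 2.6 report posted in this thread
SAMPLE_TDSS_REPORT = r"""
09:33:23.0234 5460 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
09:33:29.0234 5012 Scan started
09:33:30.0046 5012 Abiosdsk - ok
09:33:30.0125 5012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:33:30.0140 5012 ACPI - ok
09:33:37.0921 5012 nv (e9c44fa6803832b80fe18f7bcdd18318) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:33:38.0390 5012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: e9c44fa6803832b80fe18f7bcdd18318, Fake md5: 4b54dcd6adee535df80f07c59ddd8f14
09:33:38.0453 5012 nv ( ForgedFile.Multi.Generic ) - warning
09:33:38.0453 5012 nv - detected ForgedFile.Multi.Generic (1)
09:33:38.0546 5012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:33:38.0546 5012 NwlnkFlt - ok
"""

# Assumed line shapes: "time pid body", then the body forms seen in the report
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
WARN_RE = re.compile(r"^(\S+) \( ([\w.]+) \) - warning$")
DETECT_RE = re.compile(r"^(\S+) - detected ([\w.]+) \((\d+)\)$")
OK_RE = re.compile(r"^(\S+) - ok$")


def parse_tdsskiller(report):
    """Return {"services": {name: {path, md5, status}}, "detections": [...]} for a report."""
    services, detections, pending = {}, [], {}

    def svc(name):
        return services.setdefault(name, {"path": None, "md5": None, "status": None})

    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        f = FILE_RE.match(body)
        if f:                                   # service line with the hash TDSSKiller computed and the path
            name, md5, path = f.groups()
            services[name] = {"path": path, "md5": md5, "status": "scanned"}
            continue
        f = FORGED_RE.match(body)
        if f:                                   # hash mismatch between two read paths; keyed by path until the verdict line
            kind, path, real, fake = f.groups()
            pending[path] = {"kind": kind, "real_md5": real, "fake_md5": fake}
            continue
        f = WARN_RE.match(body)
        if f:
            svc(f.group(1))["status"] = "warning"
            continue
        f = DETECT_RE.match(body)
        if f:                                   # verdict line names the service; join it to the Forged line by path
            name, verdict = f.group(1), f.group(2)
            entry = svc(name)
            entry["status"] = "detected"
            detections.append({"service": name, "path": entry["path"], "verdict": verdict,
                               **pending.pop(entry["path"], {})})
            continue
        f = OK_RE.match(body)
        if f:                                   # "- ok" with no earlier file line: no driver file was hashed
            svc(f.group(1))["status"] = "ok"
    return {"services": services, "detections": detections}


def summarize(parsed):
    """Counts that tell you at a glance whether the report contains anything to act on."""
    svcs = list(parsed["services"].values())
    return {"services": len(svcs),
            "with_file": sum(1 for s in svcs if s["path"]),
            "no_file": sum(1 for s in svcs if not s["path"]),
            "detections": len(parsed["detections"])}
```

Paste the real report into a file and call `parse_tdsskiller(open("TDSSKiller_log.txt").read())`; `summarize()` gives the counts and the `"detections"` list holds the handful of lines that matter, each with the service name, its path, both hashes and the verdict TDSSKiller attached.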
  6. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Here is the report:

    09:33:23.0234 5460 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    09:33:23.0343 5460 ============================================================
    09:33:23.0343 5460 Current date / time: 2011/11/13 09:33:23.0343
    09:33:23.0343 5460 SystemInfo:
    09:33:23.0343 5460
    09:33:23.0343 5460 OS Version: 5.1.2600 ServicePack: 3.0
    09:33:23.0343 5460 Product type: Workstation
    09:33:23.0343 5460 ComputerName: DANIEL-Q09D8YI1
    09:33:23.0343 5460 UserName: Daniel
    09:33:23.0343 5460 Windows directory: C:\WINDOWS
    09:33:23.0343 5460 System windows directory: C:\WINDOWS
    09:33:23.0343 5460 Processor architecture: Intel x86
    09:33:23.0343 5460 Number of processors: 2
    09:33:23.0343 5460 Page size: 0x1000
    09:33:23.0343 5460 Boot type: Normal boot
    09:33:23.0343 5460 ============================================================
    09:33:24.0109 5460 Initialize success
    09:33:29.0234 5012 ============================================================
    09:33:29.0234 5012 Scan started
    09:33:29.0234 5012 Mode: Manual;
    09:33:29.0234 5012 ============================================================
    09:33:30.0046 5012 Abiosdsk - ok
    09:33:30.0062 5012 abp480n5 - ok
    09:33:30.0125 5012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    09:33:30.0140 5012 ACPI - ok
    09:33:30.0171 5012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    09:33:30.0187 5012 ACPIEC - ok
    09:33:30.0203 5012 adpu160m - ok
    09:33:30.0281 5012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    09:33:30.0281 5012 aec - ok
    09:33:30.0328 5012 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    09:33:30.0328 5012 AegisP - ok
    09:33:30.0406 5012 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    09:33:30.0406 5012 AFD - ok
    09:33:30.0468 5012 Aha154x - ok
    09:33:30.0484 5012 aic78u2 - ok
    09:33:30.0500 5012 aic78xx - ok
    09:33:30.0546 5012 AliIde - ok
    09:33:30.0578 5012 amsint - ok
    09:33:30.0609 5012 asc - ok
    09:33:30.0671 5012 asc3350p - ok
    09:33:30.0703 5012 asc3550 - ok
    09:33:30.0796 5012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    09:33:30.0796 5012 AsyncMac - ok
    09:33:30.0828 5012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    09:33:30.0828 5012 atapi - ok
    09:33:30.0843 5012 Atdisk - ok
    09:33:31.0000 5012 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    09:33:31.0125 5012 ati2mtag - ok
    09:33:31.0218 5012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    09:33:31.0218 5012 Atmarpc - ok
    09:33:31.0312 5012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    09:33:31.0312 5012 audstub - ok
    09:33:31.0359 5012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    09:33:31.0359 5012 Beep - ok
    09:33:31.0718 5012 BHDrvx86 (fe57ab6683f48264d1cd36f5d5ee95a8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys
    09:33:31.0750 5012 BHDrvx86 - ok
    09:33:31.0875 5012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    09:33:31.0890 5012 cbidf2k - ok
    09:33:31.0906 5012 cd20xrnt - ok
    09:33:32.0000 5012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    09:33:32.0000 5012 Cdaudio - ok
    09:33:32.0062 5012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    09:33:32.0062 5012 Cdfs - ok
    09:33:32.0093 5012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    09:33:32.0093 5012 Cdrom - ok
    09:33:32.0109 5012 Changer - ok
    09:33:32.0140 5012 CmdIde - ok
    09:33:32.0218 5012 Cpqarray - ok
    09:33:32.0296 5012 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    09:33:32.0296 5012 ctsfm2k - ok
    09:33:32.0312 5012 dac2w2k - ok
    09:33:32.0328 5012 dac960nt - ok
    09:33:32.0437 5012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    09:33:32.0437 5012 Disk - ok
    09:33:32.0515 5012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    09:33:32.0546 5012 dmboot - ok
    09:33:32.0562 5012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    09:33:32.0578 5012 dmio - ok
    09:33:32.0593 5012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    09:33:32.0593 5012 dmload - ok
    09:33:32.0687 5012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    09:33:32.0687 5012 DMusic - ok
    09:33:32.0718 5012 dpti2o - ok
    09:33:32.0812 5012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    09:33:32.0828 5012 drmkaud - ok
    09:33:33.0000 5012 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    09:33:33.0015 5012 eeCtrl - ok
    09:33:33.0062 5012 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    09:33:33.0062 5012 EraserUtilRebootDrv - ok
    09:33:33.0359 5012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    09:33:33.0437 5012 Fastfat - ok
    09:33:33.0484 5012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    09:33:33.0484 5012 Fdc - ok
    09:33:33.0500 5012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    09:33:33.0781 5012 Fips - ok
    09:33:33.0812 5012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    09:33:33.0812 5012 Flpydisk - ok
    09:33:33.0875 5012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    09:33:33.0890 5012 FltMgr - ok
    09:33:33.0953 5012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    09:33:33.0953 5012 Fs_Rec - ok
    09:33:33.0968 5012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    09:33:33.0968 5012 Ftdisk - ok
    09:33:34.0062 5012 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    09:33:34.0062 5012 GEARAspiWDM - ok
    09:33:34.0187 5012 gkmixern - ok
    09:33:34.0265 5012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    09:33:34.0265 5012 Gpc - ok
    09:33:34.0343 5012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    09:33:34.0343 5012 HidUsb - ok
    09:33:34.0375 5012 hpn - ok
    09:33:34.0406 5012 hpt3xx - ok
    09:33:34.0468 5012 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    09:33:34.0484 5012 HTTP - ok
    09:33:34.0500 5012 i2omgmt - ok
    09:33:34.0531 5012 i2omp - ok
    09:33:34.0609 5012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    09:33:34.0609 5012 i8042prt - ok
    09:33:34.0703 5012 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    09:33:34.0750 5012 ialm - ok
    09:33:35.0015 5012 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSxpx86.sys
    09:33:35.0031 5012 IDSxpx86 - ok
    09:33:35.0171 5012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
    09:33:35.0187 5012 Imapi - ok
    09:33:35.0203 5012 ini910u - ok
    09:33:35.0218 5012 IntelIde - ok
    09:33:35.0265 5012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    09:33:35.0265 5012 intelppm - ok
    09:33:35.0312 5012 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    09:33:35.0312 5012 ip6fw - ok
    09:33:35.0390 5012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:33:35.0390 5012 IpFilterDriver - ok
    09:33:35.0468 5012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:33:35.0468 5012 IpInIp - ok
    09:33:35.0515 5012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:33:35.0515 5012 IpNat - ok
    09:33:35.0546 5012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:33:35.0546 5012 IPSec - ok
    09:33:35.0609 5012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:33:35.0609 5012 IRENUM - ok
    09:33:35.0656 5012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:33:35.0656 5012 isapnp - ok
    09:33:35.0687 5012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:33:35.0703 5012 Kbdclass - ok
    09:33:35.0765 5012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    09:33:35.0781 5012 kmixer - ok
    09:33:35.0796 5012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    09:33:35.0812 5012 KSecDD - ok
    09:33:35.0828 5012 lbrtfdc - ok
    09:33:36.0000 5012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    09:33:36.0000 5012 mnmdd - ok
    09:33:36.0078 5012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    09:33:36.0078 5012 Modem - ok
    09:33:36.0093 5012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:33:36.0093 5012 Mouclass - ok
    09:33:36.0187 5012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:33:36.0187 5012 mouhid - ok
    09:33:36.0218 5012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    09:33:36.0218 5012 MountMgr - ok
    09:33:36.0218 5012 mraid35x - ok
    09:33:36.0250 5012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:33:36.0265 5012 MRxDAV - ok
    09:33:36.0343 5012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:33:36.0343 5012 MRxSmb - ok
    09:33:36.0421 5012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    09:33:36.0421 5012 Msfs - ok
    09:33:36.0500 5012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:33:36.0515 5012 MSKSSRV - ok
    09:33:36.0562 5012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:33:36.0562 5012 MSPCLOCK - ok
    09:33:36.0593 5012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    09:33:36.0593 5012 MSPQM - ok
    09:33:36.0640 5012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:33:36.0640 5012 mssmbios - ok
    09:33:36.0718 5012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    09:33:36.0718 5012 Mup - ok
    09:33:37.0031 5012 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVENG.SYS
    09:33:37.0031 5012 NAVENG - ok
    09:33:37.0109 5012 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVEX15.SYS
    09:33:37.0156 5012 NAVEX15 - ok
    09:33:37.0296 5012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    09:33:37.0296 5012 NDIS - ok
    09:33:37.0359 5012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:33:37.0359 5012 NdisTapi - ok
    09:33:37.0359 5012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:33:37.0375 5012 Ndisuio - ok
    09:33:37.0390 5012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:33:37.0406 5012 NdisWan - ok
    09:33:37.0500 5012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    09:33:37.0500 5012 NDProxy - ok
    09:33:37.0531 5012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:33:37.0531 5012 NetBIOS - ok
    09:33:37.0562 5012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:33:37.0562 5012 NetBT - ok
    09:33:37.0656 5012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    09:33:37.0656 5012 Npfs - ok
    09:33:37.0718 5012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    09:33:37.0734 5012 Ntfs - ok
    09:33:37.0796 5012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    09:33:37.0796 5012 Null - ok
    09:33:37.0921 5012 nv (e9c44fa6803832b80fe18f7bcdd18318) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:33:38.0390 5012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: e9c44fa6803832b80fe18f7bcdd18318, Fake md5: 4b54dcd6adee535df80f07c59ddd8f14
    09:33:38.0453 5012 nv ( ForgedFile.Multi.Generic ) - warning
    09:33:38.0453 5012 nv - detected ForgedFile.Multi.Generic (1)
    09:33:38.0546 5012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:33:38.0546 5012 NwlnkFlt - ok
    09:33:38.0578 5012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:33:38.0578 5012 NwlnkFwd - ok
    09:33:38.0671 5012 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    09:33:38.0671 5012 NwlnkIpx - ok
    09:33:38.0703 5012 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    09:33:38.0703 5012 NwlnkNb - ok
    09:33:38.0734 5012 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    09:33:38.0734 5012 NwlnkSpx - ok
    09:33:38.0812 5012 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    09:33:38.0812 5012 NWRDR - ok
    09:33:38.0890 5012 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    09:33:38.0890 5012 ossrv - ok
    09:33:39.0000 5012 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
    09:33:39.0093 5012 P17 - ok
    09:33:39.0156 5012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    09:33:39.0171 5012 Parport - ok
    09:33:39.0187 5012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    09:33:39.0187 5012 PartMgr - ok
    09:33:39.0250 5012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    09:33:39.0265 5012 ParVdm - ok
    09:33:39.0281 5012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    09:33:39.0281 5012 PCI - ok
    09:33:39.0296 5012 PCIDump - ok
    09:33:39.0343 5012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:33:39.0343 5012 PCIIde - ok
    09:33:39.0421 5012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:33:39.0421 5012 Pcmcia - ok
    09:33:39.0500 5012 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
    09:33:39.0500 5012 PCTBD - ok
    09:33:39.0578 5012 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\WINDOWS\system32\drivers\PCTCore.sys
    09:33:39.0593 5012 PCTCore - ok
    09:33:39.0609 5012 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
    09:33:39.0625 5012 pctDS - ok
    09:33:39.0671 5012 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
    09:33:39.0734 5012 pctEFA - ok
    09:33:39.0781 5012 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\WINDOWS\system32\Drivers\PCTSD.sys
    09:33:39.0796 5012 PCTSD - ok
    09:33:39.0812 5012 PDCOMP - ok
    09:33:39.0828 5012 PDFRAME - ok
    09:33:39.0890 5012 PDRELI - ok
    09:33:39.0906 5012 PDRFRAME - ok
    09:33:39.0921 5012 perc2 - ok
    09:33:39.0953 5012 perc2hib - ok
    09:33:40.0093 5012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:33:40.0093 5012 PptpMiniport - ok
    09:33:40.0109 5012 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    09:33:40.0125 5012 Processor - ok
    09:33:40.0171 5012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    09:33:40.0171 5012 PSched - ok
    09:33:40.0187 5012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:33:40.0187 5012 Ptilink - ok
    09:33:40.0203 5012 ql1080 - ok
    09:33:40.0218 5012 Ql10wnt - ok
    09:33:40.0234 5012 ql12160 - ok
    09:33:40.0250 5012 ql1240 - ok
    09:33:40.0281 5012 ql1280 - ok
    09:33:40.0312 5012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:33:40.0312 5012 RasAcd - ok
    09:33:40.0406 5012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:33:40.0421 5012 Rasl2tp - ok
    09:33:40.0484 5012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:33:40.0484 5012 RasPppoe - ok
    09:33:40.0562 5012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:33:40.0562 5012 Raspti - ok
    09:33:40.0593 5012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:33:40.0593 5012 Rdbss - ok
    09:33:40.0625 5012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:33:40.0625 5012 RDPCDD - ok
    09:33:40.0656 5012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:33:40.0656 5012 rdpdr - ok
    09:33:40.0718 5012 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    09:33:40.0734 5012 RDPWD - ok
    09:33:40.0796 5012 redbook (8f4164ffa6095629a3aef80e9f39f76f) C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:33:40.0796 5012 redbook - ok
    09:33:40.0875 5012 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    09:33:40.0875 5012 ROOTMODEM - ok
    09:33:40.0968 5012 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
    09:33:40.0984 5012 RT61 - ok
    09:33:41.0046 5012 RT80x86 (671828423b5bf9db4fc20ae337f2f893) C:\WINDOWS\system32\DRIVERS\RT2860.sys
    09:33:41.0062 5012 RT80x86 - ok
    09:33:41.0171 5012 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    09:33:41.0187 5012 SASDIFSV - ok
    09:33:41.0203 5012 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    09:33:41.0203 5012 SASKUTIL - ok
    09:33:41.0328 5012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:33:41.0328 5012 Secdrv - ok
    09:33:41.0359 5012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:33:41.0375 5012 serenum - ok
    09:33:41.0390 5012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    09:33:41.0390 5012 Serial - ok
    09:33:41.0437 5012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:33:41.0437 5012 Sfloppy - ok
    09:33:41.0468 5012 Simbad - ok
    09:33:41.0484 5012 Sparrow - ok
    09:33:41.0562 5012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    09:33:41.0562 5012 splitter - ok
    09:33:41.0593 5012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    09:33:41.0593 5012 sr - ok
    09:33:41.0750 5012 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
    09:33:41.0765 5012 SRTSP - ok
    09:33:41.0781 5012 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
    09:33:41.0781 5012 SRTSPX - ok
    09:33:41.0875 5012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    09:33:41.0890 5012 Srv - ok
    09:33:41.0953 5012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:33:41.0953 5012 swenum - ok
    09:33:42.0000 5012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    09:33:42.0000 5012 swmidi - ok
    09:33:42.0031 5012 symc810 - ok
    09:33:42.0093 5012 symc8xx - ok
    09:33:42.0218 5012 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
    09:33:42.0234 5012 SymDS - ok
    09:33:42.0281 5012 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
    09:33:42.0312 5012 SymEFA - ok
    09:33:42.0375 5012 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    09:33:42.0375 5012 SymEvent - ok
    09:33:42.0390 5012 SYMFW - ok
    09:33:42.0406 5012 SYMIDS - ok
    09:33:42.0437 5012 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
    09:33:42.0453 5012 SymIRON - ok
    09:33:42.0468 5012 SYMNDIS - ok
    09:33:42.0500 5012 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
    09:33:42.0515 5012 SYMTDI - ok
    09:33:42.0531 5012 sym_hi - ok
    09:33:42.0546 5012 sym_u3 - ok
    09:33:42.0609 5012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    09:33:42.0625 5012 sysaudio - ok
    09:33:42.0734 5012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:33:42.0734 5012 Tcpip - ok
    09:33:42.0781 5012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:33:42.0781 5012 TDPIPE - ok
    09:33:42.0859 5012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    09:33:42.0875 5012 TDTCP - ok
    09:33:42.0937 5012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:33:42.0937 5012 TermDD - ok
    09:33:42.0968 5012 TosIde - ok
    09:33:43.0031 5012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    09:33:43.0046 5012 Udfs - ok
    09:33:43.0093 5012 ultra - ok
    09:33:43.0171 5012 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files\Unlocker\UnlockerDriver5.sys
    09:33:43.0187 5012 UnlockerDriver5 - ok
    09:33:43.0250 5012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    09:33:43.0250 5012 Update - ok
    09:33:43.0281 5012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:33:43.0281 5012 usbehci - ok
    09:33:43.0390 5012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:33:43.0406 5012 usbhub - ok
    09:33:43.0453 5012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:33:43.0468 5012 usbprint - ok
    09:33:43.0531 5012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:33:43.0531 5012 usbscan - ok
    09:33:43.0562 5012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:33:43.0562 5012 USBSTOR - ok
    09:33:43.0609 5012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:33:43.0609 5012 usbuhci - ok
    09:33:43.0640 5012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    09:33:43.0640 5012 VgaSave - ok
    09:33:43.0656 5012 ViaIde - ok
    09:33:43.0687 5012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    09:33:43.0687 5012 VolSnap - ok
    09:33:43.0750 5012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:33:43.0750 5012 Wanarp - ok
    09:33:43.0765 5012 WDICA - ok
    09:33:43.0828 5012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    09:33:43.0828 5012 wdmaud - ok
    09:33:44.0000 5012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:33:44.0000 5012 WudfPf - ok
    09:33:44.0031 5012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:33:44.0031 5012 WudfRd - ok
    09:33:44.0062 5012 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
    09:33:44.0078 5012 xbreader - ok
    09:33:44.0109 5012 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    09:33:44.0250 5012 \Device\Harddisk0\DR0 - ok
    09:33:44.0250 5012 Boot (0x1200) (ad2a59801fac5161e67b6a11d3319abe) \Device\Harddisk0\DR0\Partition0
    09:33:44.0250 5012 \Device\Harddisk0\DR0\Partition0 - ok
    09:33:44.0250 5012 ============================================================
    09:33:44.0250 5012 Scan finished
    09:33:44.0250 5012 ============================================================
    09:33:44.0281 5560 Detected object count: 1
    09:33:44.0281 5560 Actual detected object count: 1
    09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - skipped by user
    09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
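The TDSSKiller log above ends with one flagged object ("nv", ForgedFile.Multi.Generic) whose recorded action is "Skip", which is the first thing a helper reading such a log looks for: a detection that was reported but never acted on. As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python triage script over constructed lines in the same format as the log, which separates the "- ok" verdicts from the detection lines, checks the summary count against what was parsed, and lists detections with no resolving action. Treating "cure", "delete" and "quarantine" as resolving words is an assumption about TDSSKiller's wording, since the thread only shows "Skip".

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format seen in this thread:
# per-object verdict lines, the end-of-scan summary, and the user's action.
SAMPLE_LOG = """\
09:33:43.0640 5012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\\WINDOWS\\System32\\drivers\\vga.sys
09:33:43.0640 5012 VgaSave - ok
09:33:43.0656 5012 ViaIde - ok
09:33:44.0109 5012 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \\Device\\Harddisk0\\DR0
09:33:44.0250 5012 \\Device\\Harddisk0\\DR0 - ok
09:33:44.0250 5012 Scan finished
09:33:44.0281 5560 Detected object count: 1
09:33:44.0281 5560 Actual detected object count: 1
09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - skipped by user
09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption: these words in a recorded action mean the object was dealt with.
# The thread only shows "Skip"; TDSSKiller's other wording is not on the page.
RESOLVING_WORDS = ("cure", "delete", "quarantine")


@dataclass
class Triage:
    ok_objects: List[str] = field(default_factory=list)
    detections: Dict[str, dict] = field(default_factory=dict)  # name -> verdict + actions
    declared_count: Optional[int] = None

    def unresolved(self) -> List[str]:
        """Detected objects whose recorded actions never include a resolving word."""
        return sorted(
            name for name, d in self.detections.items()
            if not any(w in a.lower() for a in d["actions"] for w in RESOLVING_WORDS)
        )

    def count_matches(self) -> bool:
        """True when the summary count agrees with the detection lines parsed."""
        return self.declared_count == len(self.detections)


def triage(log_text: str) -> Triage:
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators and blank lines
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            t.declared_count = int(c.group("n"))
            continue
        ok = OK_RE.match(msg)
        if ok:
            t.ok_objects.append(ok.group("name"))
            continue
        d = DETECT_RE.match(msg)
        if d:
            entry = t.detections.setdefault(
                d.group("name"), {"verdict": d.group("verdict"), "actions": []})
            entry["actions"].append(d.group("action"))
        # hash/path lines and progress messages carry no verdict; ignore them
    return t


def report(t: Triage) -> List[str]:
    lines = [f"{len(t.ok_objects)} objects verified ok",
             f"{len(t.detections)} detection(s); summary count "
             + ("matches" if t.count_matches() else "DOES NOT match")]
    for name in t.unresolved():
        d = t.detections[name]
        lines.append(f"UNRESOLVED: {name} ({d['verdict']}) actions: {', '.join(d['actions'])}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run against a real TDSSKiller log the "UNRESOLVED" lines are the ones to raise with the poster before moving on to the next tool; a detection left on "Skip" means the object is still on disk, whatever the later scans say.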
  7. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Here are the logs from aswMBR and ComboFix:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-13 09:38:29
    -----------------------------
    09:38:29.375 OS Version: Windows 5.1.2600 Service Pack 3
    09:38:29.375 Number of processors: 2 586 0x401
    09:38:29.375 ComputerName: DANIEL-Q09D8YI1 UserName: Daniel
    09:38:31.640 Initialize success
    09:38:39.765 AVAST engine download error: 0
    09:38:46.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:38:46.343 Disk 0 Vendor: ST3120814A 3.AAJ Size: 114473MB BusType: 3
    09:38:48.421 Disk 0 MBR read successfully
    09:38:48.437 Disk 0 MBR scan
    09:38:48.437 Disk 0 Windows XP default MBR code
    09:38:48.484 Disk 0 scanning sectors +234420480
    09:38:48.812 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:39:59.937 Service scanning
    09:40:01.046 Modules scanning
    09:40:34.234 Module: C:\WINDOWS\System32\DRIVERS\redbook.sys **SUSPICIOUS**
    09:41:37.671 Disk 0 trace - called modules:
    09:41:37.750 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8980b9b0]<<
    09:41:37.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bacab8]
    09:41:37.750 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8975fb90]
    09:41:37.750 \Driver\00001612[0x898e64f8] -> IRP_MJ_CREATE -> 0x8980b9b0
    09:41:37.750 Scan finished successfully
    09:43:07.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\MBR.dat"
    09:43:07.218 The log file has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\aswMBR.txt"




    ComboFix 11-11-09.01 - Daniel 11/13/2011 10:06:51.1.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1751 [GMT -8:00]
    Running from: c:\documents and settings\Daniel\My Documents\Downloads\ComboFix.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Daniel\My Documents\~WRL0001.tmp
    c:\documents and settings\Daniel\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 18:39 . 2011-11-13 18:39 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-11-13 17:44 . 2011-11-13 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
    2011-11-12 22:53 . 2011-11-12 22:53 -------- dc----w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
    2011-11-12 22:52 . 2011-11-12 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-12 22:52 . 2011-11-12 22:52 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-12 22:21 . 2011-10-28 19:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-11-12 22:21 . 2011-11-12 22:25 -------- d-----w- c:\program files\PC Tools
    2011-11-12 22:20 . 2011-11-12 22:26 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-11-12 22:20 . 2011-11-12 22:20 -------- dc----w- c:\documents and settings\Daniel\Application Data\TestApp
    2011-11-12 21:52 . 2011-11-12 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-11-12 20:14 . 2011-11-12 20:14 709968 ----a-w- c:\windows\isRS-000.tmp
    2011-11-11 22:25 . 2011-11-11 22:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2011-11-11 22:17 . 2011-11-11 22:17 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2011-11-11 22:12 . 2011-11-11 22:13 -------- dcsh--w- c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6
    2011-11-07 01:05 . 2011-11-07 01:05 -------- d-----w- c:\program files\Common Files\Java
    2011-11-06 22:48 . 2011-11-06 22:48 -------- d-----w- c:\program files\7-Zip
    2011-11-06 05:15 . 2011-11-06 05:15 -------- d-----w- c:\program files\3DO
    2011-11-04 03:48 . 2011-11-04 03:48 -------- d-----w- c:\program files\Electronic Arts
    2011-10-29 16:34 . 2011-11-06 03:41 -------- d-----w- c:\program files\Kalypso
    2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\UpdatusUser
    2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-10-28 15:25 . 2011-10-08 04:50 298304 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-10-28 15:25 . 2011-10-08 04:50 220992 ----a-w- c:\windows\system32\nvcolor.exe
    2011-10-28 15:24 . 2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-28 15:24 . 2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-28 15:24 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-10-28 15:24 . 2011-10-08 04:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-28 15:23 . 2011-10-31 01:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-10-22 07:49 . 2011-10-22 07:53 -------- d-----w- c:\program files\Tropico
    2011-10-22 06:21 . 2011-10-22 06:21 -------- dc----w- C:\Impressions Games
    2011-10-22 03:23 . 2011-10-22 03:23 -------- d-----w- c:\program files\FireFly Studios
    2011-10-22 01:41 . 1994-12-06 07:00 92208 ----a-r- c:\windows\system\WING.DLL
    2011-10-22 01:41 . 1994-12-06 07:00 6736 ----a-r- c:\windows\system\WINGDIB.DRV
    2011-10-22 01:41 . 1994-12-06 07:00 188960 ----a-r- c:\windows\system\WINGDE.DLL
    2011-10-22 01:41 . 2011-10-22 01:41 -------- dc----w- C:\MMAPP
    2011-10-22 01:40 . 2011-10-22 01:40 -------- dc----w- C:\~QTWTMP.TMP
    2011-10-20 22:05 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-10-20 22:05 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-10-20 22:05 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-20 22:05 . 2011-10-08 04:50 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-10-20 22:05 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2449408 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-20 22:05 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 22:24 . 2008-09-14 20:30 537520 ----a-w- c:\windows\system32\lxdjcoms.exe
    2011-10-10 14:22 . 2008-05-17 02:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-10-03 13:06 . 2011-06-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 10:37 . 2009-11-17 05:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-05 13:56 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-09-05 13:56 . 2001-08-23 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-05 13:56 . 2009-07-09 00:06 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-09-05 12:35 . 2004-08-04 05:59 369664 ----a-w- c:\windows\system32\html.iec
    2011-09-01 01:00 . 2010-07-26 04:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 13:49 . 2001-08-23 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\lxdjcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Steam\\SteamApps\\huthah\\half-life\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\grand theft auto 2\\gta2.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/12/2011 2:21 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/12/2011 2:21 PM 341656]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/12/2011 2:21 PM 660992]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/24/2011 8:54 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/24/2011 8:54 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [11/1/2011 11:37 AM 818808]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [11/12/2011 2:21 PM 185560]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/24/2011 8:54 PM 136312]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [11/12/2011 2:27 PM 542672]
    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [9/14/2008 12:32 PM 99248]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/24/2011 8:54 PM 130008]
    R2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [1/21/2009 5:58 PM 534528]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/28/2011 7:25 AM 2253120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 10:49 AM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys [11/10/2011 10:40 PM 356280]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [11/12/2011 2:27 PM 56840]
    R3 RT80x86;TRENDnet Wireless N Network Adapter Service;c:\windows\system32\drivers\rt2860.sys [1/21/2009 5:58 PM 579456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
    S3 gkmixern;gkmixern;\??\c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [11/12/2011 2:25 PM 402336]
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:24]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
    .
    2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
    .
    2011-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
    - c:\program files\Norton 360\Engine\5.1.0.29\Navw32.exe [2011-05-25 00:28]
    .
    2011-11-13 c:\windows\Tasks\Norton Security Scan for Daniel.job
    - c:\progra~1\NORTON~2\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-13 15:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.10.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Tracks Eraser Pro - c:\program files\Acesoft\Tracks Eraser Pro\te.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
    HKLM-Run-lxdjamon - c:\program files\Lexmark 1400 Series\lxdjamon.exe
    AddRemove-Afraid of Monsters: Director's Cut - c:\program files\steam\steamapps\huthah\half-life\AoMDC\uninstaomdc.exe
    AddRemove-Army Men World War - c:\program files\3DO\Army Men World War\Uninst.isu
    AddRemove-Azure Sheep - c:\program files\STEAM\STEAMAPPS\HUTHAH\HALF-LIFE\Uninstal.exe
    AddRemove-BSPlayerf - c:\program files\Webteh\BSplayer\uninstall.exe
    AddRemove-CEP - Colour Enable Packages_is1 - c:\progra~1\EAGAME~1\THESIM~1\zCEP_Uninstaller\unins000.exe
    AddRemove-comtypes-py2.6 - c:\python26\Removecomtypes.exe
    AddRemove-DDS Converter 2.1 - c:\program files\DDS Converter 2\Uninstal.exe
    AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
    AddRemove-GIANTS Ultimate esm file by Puma Man - c:\program files\Bethesda Softworks\Morrowind\Data Files\GIANTS Ultimate ESM Uninstal.exe
    AddRemove-Half-Life Visitors - c:\windows\uninstall\Half-Life Visitors\setup.exe
    AddRemove-HMS Defiance - c:\program files\Steam\SteamApps\SourceMods\Uninstal.exe
    AddRemove-Lexmark 1400 Series - c:\program files\Lexmark 1400 Series\Install\x86\Uninst.exe
    AddRemove-Morrowind Graphics Extender_is1 - c:\program files\Bethesda Softworks\Morrowind\mge3\uninstall\unins000.exe
    AddRemove-Nuclear Winter for Half-Life Opposing Force - c:\program files\Steam\SteamApps\huthah\opposing force\gearbox\Half-Life\UNINSTAL.EXE
    AddRemove-Poke646 1.0 - c:\program files\Steam\SteamApps\huthah\half-life\SXUNINST.EXE
    AddRemove-psyco-py2.6 - c:\python26\Removepsyco.exe
    AddRemove-pywin32-py2.6 - c:\python26\Removepywin32.exe
    AddRemove-Sims2Pack Clean Installer - c:\program files\Sims2Pack Clean Installer\uninstall.exe
    AddRemove-Simtowerv1.0 - c:\maxis\Simtower\DeIsL1.isu
    AddRemove-The Murderer - c:\program files\The Murderer\uninst32.exe
    AddRemove-The Trenches - c:\program files\steam\steamapps\huthah\half-life\uninstall.exe
    AddRemove-WindowsFrotz - c:\program files\Windows Frotz\uninstall.exe
    AddRemove-Wrye Bash - c:\program files\Bethesda Softworks\Oblivion\Uninstal.exe
    AddRemove-WWI Source - c:\program files\steam\SteamApps\Sourcemods\WWI_Source\uninst.exe
    AddRemove-WWI Source Beta 1.12 Patch - c:\program files\steam\SteamApps\Sourcemods\WWI_Source\uninst.exe
    AddRemove-wxPython2.8-ansi-py26_is1 - c:\python26\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe
    AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
    AddRemove-{20FC1593-0BA0-4334-8786-E634FC011B69}_is1 - c:\program files\Steam\steamapps\SourceMods\Underhell\unins000.exe
    AddRemove-{4817189D-1785-4627-A33C-39FD90919300} - c:\program files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
    AddRemove-{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} - c:\program files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
    AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - c:\program files\EA GAMES\The Sims 2 University\EAUninstall.exe
    AddRemove-{9C244239-ED8E-40f1-937F-51C706CD2160} - c:\program files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
    AddRemove-{B1899CD8-9584-4DC5-00AE-48F47CF81183} - c:\program files\EA GAMES\The Sims 2 HomeCrafter Plus\EAUninstall.exe
    AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - c:\stranded ii\unins000.exe
    AddRemove-Land of Legends - Heroes of Loria - c:\program files\Steam\SteamApps\huthah\half-life\Uninstal.exe
    AddRemove-UnityWebPlayer - c:\documents and settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-13 10:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:12,0a,c8,32,ab,28,3b,57,32,44,76,18,a5,4f,1a,71,75,f6,7d,11,5e,b1,17,
    0c,8c,bf,1a,ca,94,ee,5a,be,e2,62,b5,de,a6,5f,73,29,7a,31,41,5f,68,bc,43,b0,\
    "??"=hex:c0,6b,55,c4,1d,94,5e,65,4c,0d,18,03,54,98,d4,f9
    .
    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:0d,04,e9,c7,f9,26,b8,54,51,0e,39,a6,1c,52,10,ba,10,50,57,bf,d6,
    a3,ef,5d,c6,31,b9,b6,6b,48,b2,88,d8,9c,7f,d6,8f,18,58,9c,ca,ce,46,93,f0,dc,\
    "rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3724)
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxdjcoms.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-13 10:58:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-13 18:58
    .
    Pre-Run: 37,606,952,960 bytes free
    Post-Run: 38,224,842,752 bytes free
    .
    - - End Of File - - C41AB75187AA11865CD48F5B446F6AC1
  9. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\WINDOWS\System32\DRIVERS\redbook.sys
    - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
  10. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    This is the result of the nv4_mini.sys file:

    AhnLab-V3 2011.11.13.00 2011.11.13 -
    AntiVir 7.11.17.146 2011.11.13 -
    Antiy-AVL 2.0.3.7 2011.11.13 -
    Avast 6.0.1289.0 2011.11.13 -
    AVG 10.0.0.1190 2011.11.13 -
    BitDefender 7.2 2011.11.13 -
    ByteHero 1.0.0.1 2011.11.04 -
    ClamAV 0.97.3.0 2011.11.13 -
    Commtouch 5.3.2.6 2011.11.12 -
    Comodo 10773 2011.11.13 -
    DrWeb 5.0.2.03300 2011.11.13 -
    Emsisoft 5.1.0.11 2011.11.13 -
    eSafe 7.0.17.0 2011.11.13 -
    eTrust-Vet 37.0.9564 2011.11.11 -
    F-Prot 4.6.5.141 2011.11.12 -
    F-Secure 9.0.16440.0 2011.11.13 -
    Fortinet 4.3.370.0 2011.11.13 -
    GData 22 2011.11.13 -
    Ikarus T3.1.1.109.0 2011.11.13 -
    Jiangmin 13.0.900 2011.11.13 -
    K7AntiVirus 9.119.5447 2011.11.12 -
    Kaspersky 9.0.0.837 2011.11.13 -
    McAfee 5.400.0.1158 2011.11.13 -
    McAfee-GW-Edition 2010.1D 2011.11.13 -
    Microsoft 1.7801 2011.11.13 -
    NOD32 6626 2011.11.13 -
    Norman 6.07.13 2011.11.13 -
    nProtect 2011-11-13.01 2011.11.13 -
    Panda 10.0.3.5 2011.11.13 -
    PCTools 8.0.0.5 2011.11.13 -
    Prevx 3.0 2011.11.13 -
    Rising 23.83.04.03 2011.11.11 -
    Sophos 4.71.0 2011.11.13 -
    SUPERAntiSpyware 4.40.0.1006 2011.11.12 -
    Symantec 20111.2.0.82 2011.11.13 -
    TheHacker 6.7.0.1.342 2011.11.13 -
    TrendMicro 9.500.0.1008 2011.11.13 -
    TrendMicro-HouseCall 9.500.0.1008 2011.11.13 -
    VBA32 3.12.16.4 2011.11.11 -
    VIPRE 11037 2011.11.13 -
    ViRobot 2011.11.11.4770 2011.11.13 -
    VirusBuster 14.1.61.0 2011.11.13 -
    MD5: 4b54dcd6adee535df80f07c59ddd8f14
    SHA1: 29f47cd26080a388316adb654388969639eff08e
    SHA256: 6e425f8881547a4c96b36b4d99ffd7ee9330f1c1ad34276f039218a4c2613521
    File size: 12791488 bytes
    Scan date: 2011-11-13 19:52:19 (UTC)
  11. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Here is the scan of redbook.sys:

    AhnLab-V3 2011.11.13.00 2011.11.13 Backdoor/Win32.ZAccess
    AntiVir 7.11.17.146 2011.11.13 -
    Antiy-AVL 2.0.3.7 2011.11.13 -
    Avast 6.0.1289.0 2011.11.13 Win32:ZAccess-BF [Rtk]
    AVG 10.0.0.1190 2011.11.13 -
    BitDefender 7.2 2011.11.13 Gen:Variant.TDss.76
    ByteHero 1.0.0.1 2011.11.04 -
    ClamAV 0.97.3.0 2011.11.13 -
    Commtouch 5.3.2.6 2011.11.12 -
    Comodo 10773 2011.11.13 TrojWare.Win32.Rootkit.ZAccess.KG
    DrWeb 5.0.2.03300 2011.11.13 -
    Emsisoft 5.1.0.11 2011.11.13 Rootkit.Win32.ZAccess!IK
    eSafe 7.0.17.0 2011.11.13 -
    eTrust-Vet 37.0.9564 2011.11.11 -
    F-Prot 4.6.5.141 2011.11.12 -
    F-Secure 9.0.16440.0 2011.11.13 Gen:Variant.TDss.76
    Fortinet 4.3.370.0 2011.11.13 -
    GData 22 2011.11.13 Gen:Variant.TDss.76
    Ikarus T3.1.1.109.0 2011.11.13 Rootkit.Win32.ZAccess
    Jiangmin 13.0.900 2011.11.13 -
    K7AntiVirus 9.119.5447 2011.11.12 -
    Kaspersky 9.0.0.837 2011.11.13 -
    McAfee 5.400.0.1158 2011.11.13 -
    McAfee-GW-Edition 2010.1D 2011.11.13 -
    Microsoft 1.7801 2011.11.13 -
    NOD32 6626 2011.11.13 -
    Norman 6.07.13 2011.11.13 -
    nProtect 2011-11-13.01 2011.11.13 -
    Panda 10.0.3.5 2011.11.13 -
    PCTools 8.0.0.5 2011.11.13 -
    Prevx 3.0 2011.11.13 -
    Rising 23.83.04.03 2011.11.11 -
    Sophos 4.71.0 2011.11.13 -
    SUPERAntiSpyware 4.40.0.1006 2011.11.12 -
    Symantec 20111.2.0.82 2011.11.13 -
    TheHacker 6.7.0.1.342 2011.11.13 -
    TrendMicro 9.500.0.1008 2011.11.13 -
    TrendMicro-HouseCall 9.500.0.1008 2011.11.13 -
    VBA32 3.12.16.4 2011.11.11 -
    VIPRE 11037 2011.11.13 -
    ViRobot 2011.11.11.4770 2011.11.13 -
    VirusBuster 14.1.61.0 2011.11.13 -
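    The two VirusTotal listings above are the multi-engine verdicts for nv4_mini.sys (clean) and redbook.sys (flagged). The following is an added example, not the thread's or VirusTotal's own code, that parses rows in that pasted layout, counts how many engines flagged the file and extracts the family token the engines agree on. The sample rows are an excerpt of the redbook.sys result posted above; the trailer-line handling is tested with lines in the format of the nv4_mini.sys post.

```python
"""Triage of VirusTotal engine rows pasted into a forum post.

Added example, not the thread's or VirusTotal's own code. It parses rows of
the form "<engine> <version> <signature date> <verdict or ->" as they appear
in the thread, counts detections, and pulls out the family tokens engines
agree on. SAMPLE is an excerpt of the redbook.sys result posted above.
"""
import re
from collections import Counter

# Excerpt of the redbook.sys rows from the thread. Engine names carry no
# spaces in this layout; verdicts may. Clean rows end with "-".
SAMPLE = """\
AhnLab-V3 2011.11.13.00 2011.11.13 Backdoor/Win32.ZAccess
AntiVir 7.11.17.146 2011.11.13 -
Avast 6.0.1289.0 2011.11.13 Win32:ZAccess-BF [Rtk]
AVG 10.0.0.1190 2011.11.13 -
BitDefender 7.2 2011.11.13 Gen:Variant.TDss.76
Comodo 10773 2011.11.13 TrojWare.Win32.Rootkit.ZAccess.KG
Emsisoft 5.1.0.11 2011.11.13 Rootkit.Win32.ZAccess!IK
F-Secure 9.0.16440.0 2011.11.13 Gen:Variant.TDss.76
GData 22 2011.11.13 Gen:Variant.TDss.76
Ikarus T3.1.1.109.0 2011.11.13 Rootkit.Win32.ZAccess
Kaspersky 9.0.0.837 2011.11.13 -
Microsoft 1.7801 2011.11.13 -
Symantec 20111.2.0.82 2011.11.13 -
"""

# engine, engine version, signature date (yyyy.mm.dd), verdict
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")

# Tokens that name a class of threat rather than a family; dropped so the
# consensus reflects the family name engines actually converge on.
GENERIC = {"win32", "gen", "variant", "rootkit", "trojan", "backdoor",
           "trojware", "rtk", "generic", "heur"}


def parse_rows(text):
    """Return [(engine, verdict_or_None)] for every engine row in `text`."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # "MD5: ...", "File size: ..." trailer lines are not rows
        engine, _version, _sigdate, verdict = m.groups()
        verdict = verdict.strip()
        rows.append((engine, None if verdict in ("", "-") else verdict))
    return rows


def family_tokens(verdict):
    """Family-like tokens of a verdict such as 'TrojWare.Win32.Rootkit.ZAccess.KG'."""
    toks = re.findall(r"[A-Za-z][A-Za-z0-9]*", verdict)
    return [t for t in toks if len(t) >= 3 and t.lower() not in GENERIC]


def summarise(rows):
    """Detection count, which engines fired, and the family tokens they used."""
    flagged = [(e, v) for e, v in rows if v]
    families = Counter(t for _, v in flagged for t in family_tokens(v))
    return {
        "engines": len(rows),
        "detections": len(flagged),
        "flagged_by": [e for e, _ in flagged],
        "families": families,
        "consensus": families.most_common(1)[0][0] if families else None,
    }


if __name__ == "__main__":
    s = summarise(parse_rows(SAMPLE))
    print(f"{s['detections']}/{s['engines']} engines flagged; "
          f"consensus family: {s['consensus']}")   # 8/13 ... ZAccess
```

    Run against the full redbook.sys list above the ratio is 8 of 42 engines, which is why a single scanner showing nothing (as happened with the earlier MBAM and TDSSKiller runs in this thread) is weak evidence on its own; the agreement of the flagging engines on one family name is the more useful signal.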
  12. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      redbook.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  13. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    The results:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:35 on 13/11/2011 by Daniel
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "redbook.sys"
    C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [16:07 18/05/2008] [05:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B
    C:\WINDOWS\ServicePackFiles\i386\redbook.sys -----c- 57600 bytes [05:59 04/08/2004] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5
    C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [19:18 16/05/2008] [18:40 13/04/2008] 8F4164FFA6095629A3AEF80E9F39F76F

    -= EOF =-
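    The SystemLook listing above shows three copies of redbook.sys: the one loaded from system32\drivers has exactly the size of the ServicePackFiles copy (57600 bytes) but a different MD5, which is what a driver modified in place looks like. The following is an added example, not SystemLook's code and not from the thread, that automates that comparison: it hashes every copy of a named driver in the locations Windows XP keeps pristine copies and classifies the active one. The directory tree and file contents are constructed; only the two sizes mirror the listing.

```python
"""Cross-check a driver against the backup copies Windows keeps of it.

Added example; not SystemLook's code and not from the thread. It automates
the comparison the ":filefind redbook.sys" listing invites: hash every copy
of a driver and ask whether the one actually loaded from system32\\drivers
matches any pristine copy. Directory layout and file contents below are
constructed; only the sizes mirror the thread's listing.
"""
import hashlib
import os
import tempfile

DRIVER = "redbook.sys"
# Relative to the Windows directory. ACTIVE is the copy the kernel loads.
ACTIVE = os.path.join("system32", "drivers")
BACKUPS = [
    os.path.join("ServicePackFiles", "i386"),   # pristine SP3 files
    os.path.join("system32", "dllcache"),       # Windows File Protection cache
    "$NtServicePackUninstall$",                 # pre-SP3 copies (older build)
]


def md5_of(path):
    """Upper-case MD5 hex digest, the format SystemLook prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(windir, name=DRIVER):
    """Return {relative_dir: (size, md5)} for every copy of `name` present."""
    found = {}
    for rel in [ACTIVE] + BACKUPS:
        path = os.path.join(windir, rel, name)
        if os.path.isfile(path):
            found[rel] = (os.path.getsize(path), md5_of(path))
    return found


def assess(copies):
    """Classify the active copy against the backups.

    "no-active"        driver missing from system32\\drivers
    "no-backup"        nothing pristine to compare against
    "consistent"       active hash equals some backup's hash
    "patched-in-place" active size equals a backup's size but no hash matches;
                       a real update nearly always changes the length, so this
                       is the pattern of a driver modified in place
    "unknown-build"    neither size nor hash matches any backup
    """
    if ACTIVE not in copies:
        return "no-active"
    size, digest = copies[ACTIVE]
    backups = [v for rel, v in copies.items() if rel != ACTIVE]
    if not backups:
        return "no-backup"
    if any(d == digest for _, d in backups):
        return "consistent"
    if any(s == size for s, _ in backups):
        return "patched-in-place"
    return "unknown-build"


def build_demo_tree(tampered=True):
    """Construct a throwaway tree with the three copies SystemLook listed.

    Contents are synthetic; 57472 and 57600 bytes are the sizes from the
    thread. With tampered=True the active copy is the SP3 build with 16 bytes
    overwritten, so its size matches ServicePackFiles but its hash does not.
    """
    windir = tempfile.mkdtemp(prefix="windir-")
    sp2_build = bytes(range(256)) * 224 + b"\x00" * 128   # 57472 bytes
    sp3_build = bytes(range(256)) * 225                    # 57600 bytes
    active = sp3_build
    if tampered:
        active = sp3_build[:4096] + b"\xcc" * 16 + sp3_build[4112:]
    for rel, data in [
        ("$NtServicePackUninstall$", sp2_build),
        (os.path.join("ServicePackFiles", "i386"), sp3_build),
        (ACTIVE, active),
    ]:
        os.makedirs(os.path.join(windir, rel), exist_ok=True)
        with open(os.path.join(windir, rel, DRIVER), "wb") as f:
            f.write(data)
    return windir


def report(windir, name=DRIVER):
    """SystemLook-style listing plus the verdict; returns (lines, verdict)."""
    copies = find_copies(windir, name)
    lines = [f"{os.path.join(rel, name)} {size} bytes {digest}"
             for rel, (size, digest) in copies.items()]
    return lines, assess(copies)


if __name__ == "__main__":
    lines, verdict = report(build_demo_tree(tampered=True))
    print("\n".join(lines))
    print("verdict:", verdict)   # patched-in-place
```

    The size-equal/hash-different rule is deliberately the strongest signal rather than a proof: a driver that matches none of the backups by size either ("unknown-build") may simply be a vendor update that Windows never cached, so that case is reported separately instead of being called malicious.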
     
  14. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys
    
    File::
    c:\windows\isRS-000.tmp
    
    
    Folder::
    c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  15. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Here are the results:


    ComboFix 11-11-09.01 - Daniel 11/13/2011 12:54:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1421 [GMT -8:00]
    Running from: c:\documents and settings\Daniel\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    FILE ::
    "c:\windows\isRS-000.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6
    c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6\@
    c:\windows\system32\
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\$NtServicePackUninstall$\redbook.sys --> c:\windows\system32\drivers\redbook.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 17:44 . 2011-11-13 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
    2011-11-12 22:53 . 2011-11-12 22:53 -------- dc----w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
    2011-11-12 22:52 . 2011-11-12 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-12 22:52 . 2011-11-12 22:52 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-12 22:21 . 2011-10-28 19:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-11-12 22:21 . 2011-11-12 22:25 -------- d-----w- c:\program files\PC Tools
    2011-11-12 22:20 . 2011-11-12 22:26 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-11-12 22:20 . 2011-11-12 22:20 -------- dc----w- c:\documents and settings\Daniel\Application Data\TestApp
    2011-11-12 21:52 . 2011-11-12 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-11-12 20:14 . 2011-11-12 20:14 709968 ----a-w- c:\windows\isRS-000.tmp
    2011-11-11 22:25 . 2011-11-11 22:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2011-11-11 22:17 . 2011-11-11 22:17 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2011-11-07 01:05 . 2011-11-07 01:05 -------- d-----w- c:\program files\Common Files\Java
    2011-11-06 22:48 . 2011-11-06 22:48 -------- d-----w- c:\program files\7-Zip
    2011-11-06 05:15 . 2011-11-06 05:15 -------- d-----w- c:\program files\3DO
    2011-11-04 03:48 . 2011-11-04 03:48 -------- d-----w- c:\program files\Electronic Arts
    2011-10-29 16:34 . 2011-11-06 03:41 -------- d-----w- c:\program files\Kalypso
    2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\UpdatusUser
    2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-10-28 15:25 . 2011-10-08 04:50 298304 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-10-28 15:25 . 2011-10-08 04:50 220992 ----a-w- c:\windows\system32\nvcolor.exe
    2011-10-28 15:24 . 2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-28 15:24 . 2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-28 15:24 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-10-28 15:24 . 2011-10-08 04:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-28 15:23 . 2011-10-31 01:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-10-22 07:49 . 2011-10-22 07:53 -------- d-----w- c:\program files\Tropico
    2011-10-22 06:21 . 2011-10-22 06:21 -------- dc----w- C:\Impressions Games
    2011-10-22 03:23 . 2011-10-22 03:23 -------- d-----w- c:\program files\FireFly Studios
    2011-10-22 01:41 . 1994-12-06 07:00 92208 ----a-r- c:\windows\system\WING.DLL
    2011-10-22 01:41 . 1994-12-06 07:00 6736 ----a-r- c:\windows\system\WINGDIB.DRV
    2011-10-22 01:41 . 1994-12-06 07:00 188960 ----a-r- c:\windows\system\WINGDE.DLL
    2011-10-22 01:41 . 2011-10-22 01:41 -------- dc----w- C:\MMAPP
    2011-10-22 01:40 . 2011-10-22 01:40 -------- dc----w- C:\~QTWTMP.TMP
    2011-10-20 22:05 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-10-20 22:05 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-10-20 22:05 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-20 22:05 . 2011-10-08 04:50 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-10-20 22:05 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2449408 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-20 22:05 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-20 22:05 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 22:24 . 2008-09-14 20:30 537520 ----a-w- c:\windows\system32\lxdjcoms.exe
    2011-10-10 14:22 . 2008-05-17 02:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-10-03 13:06 . 2011-06-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 10:37 . 2009-11-17 05:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-05 13:56 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-09-05 13:56 . 2001-08-23 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-05 13:56 . 2009-07-09 00:06 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-09-05 12:35 . 2004-08-04 05:59 369664 ----a-w- c:\windows\system32\html.iec
    2011-09-01 01:00 . 2010-07-26 04:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 13:49 . 2001-08-23 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-13_18.48.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-16 19:18 . 2004-08-04 05:59 57472 c:\windows\system32\dllcache\redbook.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\lxdjcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Steam\\SteamApps\\huthah\\half-life\\hl.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\grand theft auto 2\\gta2.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/12/2011 2:21 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/12/2011 2:21 PM 341656]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/12/2011 2:21 PM 660992]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/24/2011 8:54 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/24/2011 8:54 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [11/1/2011 11:37 AM 818808]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [11/12/2011 2:21 PM 185560]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/24/2011 8:54 PM 136312]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [11/12/2011 2:27 PM 542672]
    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [9/14/2008 12:32 PM 99248]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/24/2011 8:54 PM 130008]
    R2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [1/21/2009 5:58 PM 534528]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/28/2011 7:25 AM 2253120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 10:49 AM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys [11/10/2011 10:40 PM 356280]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [11/12/2011 2:27 PM 56840]
    R3 RT80x86;TRENDnet Wireless N Network Adapter Service;c:\windows\system32\drivers\rt2860.sys [1/21/2009 5:58 PM 579456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
    S3 gkmixern;gkmixern;\??\c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [11/12/2011 2:25 PM 402336]
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:24]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
    .
    2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
    .
    2011-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
    - c:\program files\Norton 360\Engine\5.1.0.29\Navw32.exe [2011-05-25 00:28]
    .
    2011-11-13 c:\windows\Tasks\Norton Security Scan for Daniel.job
    - c:\progra~1\NORTON~2\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-13 15:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.10.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-13 13:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:12,0a,c8,32,ab,28,3b,57,32,44,76,18,a5,4f,1a,71,75,f6,7d,11,5e,b1,17,
    0c,8c,bf,1a,ca,94,ee,5a,be,e2,62,b5,de,a6,5f,73,29,7a,31,41,5f,68,bc,43,b0,\
    "??"=hex:c0,6b,55,c4,1d,94,5e,65,4c,0d,18,03,54,98,d4,f9
    .
    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:0d,04,e9,c7,f9,26,b8,54,51,0e,39,a6,1c,52,10,ba,10,50,57,bf,d6,
    a3,ef,5d,c6,31,b9,b6,6b,48,b2,88,d8,9c,7f,d6,8f,18,58,9c,ca,ce,46,93,f0,dc,\
    "rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-11-13 13:05:25
    ComboFix-quarantined-files.txt 2011-11-13 21:05
    ComboFix2.txt 2011-11-13 18:58
    .
    Pre-Run: 38,180,040,704 bytes free
    Post-Run: 38,205,542,400 bytes free
    .
    - - End Of File - - 8DAF287EB2F313F8D013F091E44DE9F8
  16. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Please re-run Combofix in normal mode and allow Recovery Console installation.

    Also, post new aswMBR log.
  17. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Whenever I get the prompt to install the Recovery Console, I get an error right after that it could not download it. Is this because of the malware? I also cannot get the Avast Virus Definitions to install even after I agree to install them. Anyway, here is the new aswMBR report:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-13 13:16:54
    -----------------------------
    13:16:54.187 OS Version: Windows 5.1.2600 Service Pack 3
    13:16:54.187 Number of processors: 2 586 0x401
    13:16:54.187 ComputerName: DANIEL-Q09D8YI1 UserName: Daniel
    13:16:55.671 Initialize success
    13:17:01.609 AVAST engine download error: 0
    13:17:07.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:17:07.187 Disk 0 Vendor: ST3120814A 3.AAJ Size: 114473MB BusType: 3
    13:17:09.234 Disk 0 MBR read successfully
    13:17:09.234 Disk 0 MBR scan
    13:17:09.234 Disk 0 Windows XP default MBR code
    13:17:09.234 Disk 0 scanning sectors +234420480
    13:17:09.312 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:17:18.015 Service scanning
    13:17:19.000 Modules scanning
    13:17:27.875 Disk 0 trace - called modules:
    13:17:27.906 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    13:17:27.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ba0ab8]
    13:17:27.906 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89b96920]
    13:17:27.906 5 PCTCore.sys[f7857407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ba8b00]
    13:17:27.906 Scan finished successfully
    13:17:40.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\MBR.dat"
    13:17:40.421 The log file has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\aswMBR2.txt"
  18. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Looks good now.

    What are the current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
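The OTL run requested above produces "SafeList" sections whose PRC, MOD, SRV and DRV lines carry a timestamp, file size, attribute flags, the company name from the file's version info, a state and the path (the posted log shows the format). As an added example that is not part of this thread and not OldTimer's code, the Python script below parses those lines and lists the entries a removal helper reads first: registrations whose binary OTL reports as "File not found", processes and services with an empty company field, and executables running from a per-user profile directory. The regular expressions and the triage rules are my inference from the lines visible on the page, not an OTL specification, and the sample text is constructed in that format from entries the posted log contains; a listing is a prompt to look, not a verdict, since scanner leftovers such as catchme (the Gmer component named in the ComboFix log above) and OTL.exe itself, run from Downloads, land on it too.

```python
"""Triage helper for OTL "SafeList" log lines (PRC / MOD / SRV / DRV).

Added example for this thread; not OTL's own code. The line format is
inferred from the posted log, not taken from an OTL specification.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the OTL format (modelled on entries in the posted log).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/11/13 16:49:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\My Documents\Downloads\OTL.exe
PRC - [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/13 10:53:22 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
SRV - [2011/11/12 14:54:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
"""

# "SRV - File not found [Auto | Stopped] -- -- (SQLWriter)": the binary is gone.
NOT_FOUND = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)"
)
# "KIND - [stamp | size | attrs | flag] (Company) [state] -- path -- (Name)";
# "[state]" and "-- (Name)" only appear on SRV/DRV lines.
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- "
    r"(?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"
)


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV or DRV
    name: Optional[str]  # service/driver name; None on PRC/MOD lines
    company: str         # company field from version info, "" when absent
    path: Optional[str]  # None when OTL reports "File not found"
    state: Optional[str]
    size: Optional[int]


@dataclass
class Finding:
    reason: str
    entry: Entry


def parse_otl(text: str) -> List[Entry]:
    """Parse every PRC/MOD/SRV/DRV line; section headers and blanks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_FOUND.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], "", None, m["state"], None))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["company"].strip(), m["path"],
                                 m["state"], int(m["size"].replace(",", ""))))
    return entries


def _in_user_profile(path: str) -> bool:
    """Per-user locations only; "All Users" is where AV definitions legitimately live."""
    p = path.lower()
    return "\\temp\\" in p or ("\\documents and settings\\" in p and "\\all users\\" not in p)


def triage(entries: List[Entry]) -> List[Finding]:
    """Entries a helper reviews first. A listing means "look", not "malicious"."""
    findings: List[Finding] = []
    for e in entries:
        if e.path is None:
            findings.append(Finding("registration points at a missing binary", e))
            continue
        # OTL already groups MOD lines without a company name into their own
        # section, so the empty-company check only adds information for other kinds.
        if e.kind != "MOD" and not e.company:
            findings.append(Finding("no company name in version info", e))
        if _in_user_profile(e.path):
            findings.append(Finding("runs from a per-user profile location", e))
    return findings


def report(text: str) -> List[str]:
    """One line per finding, e.g. 'SRV SQLWriter: registration points at a missing binary'."""
    return [f"{f.entry.kind} {f.entry.name or f.entry.path}: {f.reason}"
            for f in triage(parse_otl(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_OTL):
        print(line)
```

Feed the full OTL.txt to `report()` to get the review list; the "File not found" services and drivers are the same ones a helper would compare against the tools run earlier in the thread before deciding whether a registration is a scanner leftover or something to remove.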
  19. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    Here is the OTL.txt:


    OTL logfile created on: 11/13/2011 4:50:01 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.65% Memory free
    3.35 Gb Paging File | 2.47 Gb Available in Paging File | 73.87% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 35.57 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
    Drive D: | 675.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DANIEL-Q09D8YI1 | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/13 16:49:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\My Documents\Downloads\OTL.exe
    PRC - [2011/11/12 14:54:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/11/12 14:39:31 | 000,542,672 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    PRC - [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe
    PRC - [2011/11/11 14:24:28 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjserv.exe
    PRC - [2011/11/11 14:17:08 | 000,098,304 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2011/11/11 14:17:07 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
    PRC - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
    PRC - [2011/11/11 14:17:02 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    PRC - [2011/11/11 14:17:00 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2011/10/07 20:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/08/01 16:08:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/13 10:53:22 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
    MOD - [2011/11/13 10:52:21 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
    MOD - [2011/11/13 10:52:18 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
    MOD - [2011/11/13 10:52:14 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
    MOD - [2011/11/13 10:52:13 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
    MOD - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
    MOD - [2011/10/25 13:38:10 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
    MOD - [2011/10/12 02:13:09 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    MOD - [2011/10/12 02:12:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/12 02:11:52 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    MOD - [2011/10/12 02:11:40 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 02:11:16 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/10/12 02:10:04 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/12 02:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011/10/12 02:09:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/12 02:09:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2009/11/28 02:29:20 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2009/11/28 02:29:20 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2009/11/28 02:29:20 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3559.38424__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
    MOD - [2009/11/28 02:29:20 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2009/11/28 02:29:19 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/11/28 02:29:19 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.38265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/11/28 02:29:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/11/28 02:29:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.38285__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/11/28 02:29:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.38276__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/11/28 02:29:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.38397__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/11/28 02:29:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.38275__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/11/28 02:29:17 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.38399__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/11/28 02:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.38352__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/11/28 02:29:13 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/11/28 02:29:12 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.38278__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/11/28 02:29:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/11/28 02:29:10 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/11/28 02:29:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/11/28 02:29:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/11/28 02:29:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/11/28 02:29:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/11/28 02:29:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/11/28 02:29:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/11/28 02:29:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/11/28 02:29:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/11/28 02:29:04 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.38437__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2009/11/28 02:29:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.38409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/11/28 02:29:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/11/28 02:29:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/11/28 02:29:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/11/28 02:29:03 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.38390__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/11/28 02:29:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/11/28 02:29:03 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/11/28 02:29:03 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/11/28 02:29:03 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.38259__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/11/28 02:29:02 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.38383__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2009/11/28 02:29:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.38284__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/11/28 02:29:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.38388__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/11/28 02:29:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/11/28 02:29:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/11/28 02:29:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/11/28 02:29:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/11/28 02:29:01 | 001,019,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3559.38367__90ba9c70f846762e\CLI.Component.Eeu.dll
    MOD - [2009/11/28 02:29:01 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.38262__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/11/28 02:29:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.38264__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/11/28 02:29:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/11/28 02:29:00 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.38271__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/11/28 02:29:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/11/28 02:29:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/11/28 02:28:59 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.38262__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2009/11/28 02:28:59 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.38261__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/11/28 02:28:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/11/28 02:28:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.38390__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/11/28 02:28:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.38260__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/10/01 16:45:50 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2007/02/27 09:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdjdrpp.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/11/12 14:54:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/11/12 14:39:31 | 000,542,672 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2011/11/12 14:39:29 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdjcoms.exe -- (lxdj_device)
    SRV - [2011/11/11 14:24:28 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
    SRV - [2011/11/11 14:17:08 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2011/11/11 14:17:07 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
    SRV - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe -- (NICSer_TEW623PI_WPC370L)
    SRV - [2011/11/11 14:17:02 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2011/11/11 14:17:00 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2011/10/28 11:02:02 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2011/10/07 20:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/11/09 19:13:41 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/11/09 19:13:41 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/11/09 19:13:41 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/11/09 01:20:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2011/10/14 15:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2011/10/07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
    DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/24 20:55:06 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 16:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2009/09/29 20:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/01/30 18:28:08 | 000,579,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
    DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
    DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2001/08/23 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/23 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2001/01/02 22:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) MaxDrive XBox Driver (xbreader.sys)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-21-1935655697-484763869-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/09/30 12:47:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/12 14:27:21 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AT_CharlotteRonson = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obakimnhgahiedhcjlcnohielmendpen\3_0\

    O1 HOSTS File: ([2011/11/13 13:01:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O3 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-1935655697-484763869-725345543-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1935655697-484763869-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TEW-623PI Wireless Client Utility.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211123166485 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6E6602B-443D-4AFC-A4DC-5C74A8B01283}: DhcpNameServer = 192.168.10.1
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/16 18:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/08/23 19:21:18 | 000,000,067 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/13 10:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/13 09:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/13 09:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/13 09:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/13 09:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/13 09:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/13 09:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/12 18:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/11/12 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com
    [2011/11/12 14:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/12 14:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/11/12 14:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/11/12 14:27:19 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
    [2011/11/12 14:27:17 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/11/12 14:27:17 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/11/12 14:27:17 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/11/12 14:26:17 | 000,252,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/11/12 14:26:05 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
    [2011/11/12 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
  20. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    [2011/11/12 14:25:56 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2011/11/12 14:21:33 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
    [2011/11/12 14:21:32 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
    [2011/11/12 14:21:29 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/11/12 14:21:29 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/11/12 14:21:27 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2011/11/12 14:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/11/12 14:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2011/11/12 14:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/11/12 14:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\TestApp
    [2011/11/12 13:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/11/11 14:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/11/11 14:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/11/06 17:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/11/06 14:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/11/06 14:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/11/05 21:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3DO
    [2011/11/05 21:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
    [2011/11/03 20:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\My Documents\SimCity Societies
    [2011/11/03 19:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
    [2011/11/03 19:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2011/10/29 08:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso
    [2011/10/28 07:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2011/10/21 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tropico
    [2011/10/21 23:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tropico
    [2011/10/21 22:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Impressions Games
    [2011/10/21 22:21:21 | 000,000,000 | ---D | C] -- C:\Impressions Games
    [2011/10/21 19:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\FireFly Studios
    [2011/10/21 19:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FireFly Studios
    [2011/10/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DK Multimedia
    [2011/10/21 17:41:14 | 000,000,000 | ---D | C] -- C:\MMAPP
    [2011/10/20 14:05:42 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2008/09/14 12:30:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
    [2008/09/14 12:30:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhcp.dll
    [2008/09/14 12:30:27 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
    [2008/09/14 12:30:27 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
    [2008/09/14 12:30:27 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
    [2008/09/14 12:30:26 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
    [2008/09/14 12:30:26 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
    [2008/09/14 12:30:26 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
    [2008/09/14 12:30:26 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
    [2008/09/14 12:30:25 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
    [2008/09/14 12:30:25 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjih.exe
    [2008/09/14 12:30:24 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
    [2008/09/14 12:30:23 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
    [2008/09/14 12:30:23 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
    [2008/09/14 12:30:23 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcfg.exe
    [2002/04/11 00:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/13 16:54:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
    [2011/11/13 16:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/13 13:25:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/11/13 13:01:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/13 12:35:14 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to SystemLook.exe.lnk
    [2011/11/13 10:47:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/13 10:47:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/13 10:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/13 09:43:23 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to ComboFix.exe.lnk
    [2011/11/13 09:38:14 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to aswMBR.exe.lnk
    [2011/11/13 09:33:09 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to tdsskiller (1).exe.lnk
    [2011/11/12 21:23:48 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/12 17:15:33 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Daniel.job
    [2011/11/12 14:52:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/12 14:26:06 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
    [2011/11/12 14:21:58 | 000,708,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/11/12 12:14:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/12 09:54:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
    [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
    [2011/11/10 19:57:13 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/10 19:57:11 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Google Chrome.lnk
    [2011/11/10 03:09:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/07 20:00:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Daniel.job
    [2011/11/06 11:33:30 | 000,483,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/06 11:33:29 | 000,086,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/04 23:25:04 | 000,000,280 | ---- | M] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
    [2011/11/03 19:59:25 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
    [2011/10/30 17:24:28 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/10/30 17:24:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/10/30 17:24:24 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2011/10/28 11:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
    [2011/10/28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/10/28 07:23:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2011/10/25 13:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/10/25 13:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/10/25 13:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/10/25 13:38:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2011/10/22 21:28:03 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Fallout Mod Manager.lnk
    [2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/10/22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/10/21 23:53:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tropico.lnk
    [2011/10/21 22:24:45 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Pharaoh and Cleopatra.lnk
    [2011/10/21 22:24:44 | 000,000,128 | ---- | M] () -- C:\WINDOWS\Sierra.ini
    [2011/10/21 19:26:40 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to Stronghold.exe.lnk
    [2011/10/21 17:40:42 | 000,000,824 | ---- | M] () -- C:\WINDOWS\QT$INST$.~32
    [2011/10/21 17:40:35 | 000,000,037 | ---- | M] () -- C:\WINDOWS\Qtw.ini
    [2011/10/20 13:17:49 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/13 12:35:14 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to SystemLook.exe.lnk
    [2011/11/13 09:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/13 09:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/13 09:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/13 09:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/13 09:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/13 09:43:23 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to ComboFix.exe.lnk
    [2011/11/13 09:38:14 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to aswMBR.exe.lnk
    [2011/11/13 09:33:09 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to tdsskiller (1).exe.lnk
    [2011/11/12 14:52:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/12 14:27:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2011/11/12 14:27:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2011/11/12 14:27:17 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2011/11/12 14:27:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2011/11/12 14:27:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2011/11/12 14:26:06 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
    [2011/11/12 14:21:36 | 000,708,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/11/12 12:14:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/04 23:25:03 | 000,000,280 | ---- | C] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
    [2011/11/03 19:59:25 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
    [2011/10/30 17:23:32 | 000,003,250 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2011/10/28 07:23:40 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/10/28 07:23:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/10/28 07:23:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/10/28 07:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2011/10/22 21:28:03 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Fallout Mod Manager.lnk
    [2011/10/21 23:49:24 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tropico.lnk
    [2011/10/21 22:24:45 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Pharaoh and Cleopatra.lnk
    [2011/10/21 22:24:44 | 000,000,128 | ---- | C] () -- C:\WINDOWS\Sierra.ini
    [2011/10/21 19:26:40 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to Stronghold.exe.lnk
    [2011/10/21 17:40:40 | 000,000,824 | ---- | C] () -- C:\WINDOWS\QT$INST$.~32
    [2011/10/21 17:40:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Qtw.ini
    [2011/10/20 14:05:41 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/07/25 07:48:34 | 000,041,036 | ---- | C] () -- C:\Program Files\monofont.ttf
    [2011/05/18 16:48:11 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/18 16:42:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/12 15:00:18 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
    [2010/09/12 15:00:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
    [2010/08/13 14:24:26 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
    [2010/08/13 14:24:26 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
    [2010/08/13 14:24:16 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
    [2009/12/20 21:13:41 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2009/12/20 21:13:31 | 000,000,187 | ---- | C] () -- C:\WINDOWS\SimTower.ini
    [2009/11/27 11:41:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/04/01 21:11:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2009/01/27 21:35:03 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/01/21 17:58:36 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2009/01/19 10:56:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2009/01/10 01:28:36 | 000,000,871 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2008/11/14 19:29:59 | 000,012,496 | ---- | C] () -- C:\WINDOWS\MSPuzzle.dat
    [2008/10/11 02:27:33 | 000,000,220 | ---- | C] () -- C:\WINDOWS\cncscore.ini
    [2008/10/11 02:21:06 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
    [2008/10/07 21:17:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP120JPR.{PB
    [2008/10/07 21:17:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP120JCM.{PB
    [2008/09/14 12:32:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
    [2008/09/14 12:32:07 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
    [2008/09/14 12:30:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdjrwrd.ini
    [2008/09/14 12:30:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\lxdjinst.dll
    [2008/09/14 12:30:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
    [2008/09/13 14:31:19 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/06/14 10:03:56 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/01 19:06:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2008/05/18 09:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/05/18 09:51:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/05/18 07:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/05/16 18:35:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/05/16 18:27:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/05/16 18:24:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/05/16 11:16:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/05/16 11:16:06 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/03/28 19:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2008/03/28 19:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2008/03/28 19:36:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2008/03/06 06:40:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2005/05/03 10:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 09:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
    [2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 04:00:00 | 000,483,064 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 04:00:00 | 000,086,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
    [2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1999/12/06 23:00:00 | 000,024,975 | ---- | C] () -- C:\WINDOWS\twain_16.dll

    ========== LOP Check ==========

    [2010/09/24 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/08/30 11:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011/08/05 22:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
    [2011/11/12 13:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/10/17 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2008/08/21 21:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
    [2011/10/10 07:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
    [2009/02/07 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/08/21 16:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\.minecraft
    [2011/06/15 15:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BitTorrent
    [2010/12/16 23:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BSplayer
    [2010/12/16 22:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BSplayer Pro
    [2008/08/31 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\DNA
    [2010/06/17 11:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\gtk-2.0
    [2009/01/19 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Leadertech
    [2009/08/17 20:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Stella
    [2010/11/19 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Subversion
    [2011/11/12 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\TestApp
    [2010/03/15 20:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Ubisoft
    [2011/09/22 21:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Unity

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/05/16 18:26:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/27 14:07:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/11/13 13:05:27 | 000,018,000 | ---- | M] () -- C:\ComboFix.txt
    [2008/05/16 18:26:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/01/21 17:51:47 | 000,000,104 | ---- | M] () -- C:\Delapp.bat
    [2011/03/17 21:38:19 | 000,035,354 | ---- | M] () -- C:\drwtsn32.log
    [2008/05/16 18:26:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/11/11 14:19:40 | 000,006,734 | ---- | M] () -- C:\lxdj.log
    [2008/05/16 18:26:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/05/18 07:39:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/18 08:10:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/13 10:38:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/26 04:48:10 | 000,000,592 | ---- | M] () -- C:\rkill.log
    [2011/11/12 12:47:54 | 000,049,248 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_12.46.25_log.txt
    [2011/11/12 13:21:56 | 000,049,248 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_13.20.33_log.txt
    [2011/11/12 19:21:09 | 000,104,008 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_19.20.12_log.txt
    [2011/11/12 19:24:27 | 000,001,832 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_19.23.56_log.txt
    [2011/11/13 09:34:59 | 000,052,112 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_13.11.2011_09.33.23_log.txt
    [2011/08/04 20:25:58 | 000,000,272 | ---- | M] () -- C:\{207F5618-02CA-43E3-B930-E99F22849122}
    [2011/07/25 20:29:34 | 000,000,272 | ---- | M] () -- C:\{9C217BBD-E821-4257-B6C0-5447D680FC49}
    [2011/11/04 23:25:04 | 000,000,280 | ---- | M] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/05/16 18:26:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/02/27 09:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdjdrpp.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/09/10 20:02:07 | 000,001,778 | -H-- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2003/10/06 20:36:36 | 000,041,036 | ---- | M] () -- C:\Program Files\monofont.ttf

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/05/16 11:15:18 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2008/05/16 11:15:18 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2008/05/16 11:15:17 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/05/18 08:14:38 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/05/18 08:19:10 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/05/16 18:31:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/01/21 21:33:28 | 082,952,744 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Daniel\Desktop\N360S300EN.exe
    [1990/05/17 16:40:54 | 000,086,448 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\TP3.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/05/18 09:49:24 | 036,940,312 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Daniel\My Documents\8-4_xp32_dd_ccc_wdm_enu_60999.exe
    [2008/05/18 10:01:56 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Daniel\My Documents\dotnetfx.exe
    [2008/05/18 09:53:09 | 008,912,160 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Daniel\My Documents\R91081.EXE
    [2008/05/22 17:14:44 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\Daniel\My Documents\wrar371.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/05/18 08:19:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Daniel\Favorites\Desktop.ini
    [2008/05/18 18:20:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Daniel\Favorites\Internet.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/10 09:41:33 | 000,000,630 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/13 16:49:10 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Daniel\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 16:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 14:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/07/17 10:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 05:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 12:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 05:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 20:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2004/07/17 10:41:08 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 10:41:08 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 10:41:08 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 12:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 10:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoRebootWithLoggedOnUsers" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Daniel\Desktop\N360S300EN.exe:SummaryInformation

    < End of report >
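    As an added example (not code from this thread, from OldTimer, or from any of the tools named above), here is a small Python triage script for the OTL file-listing format used in the log just posted. Each file line is `[date time | size | attrs | C|M] (Company) -- path`; the script parses those lines and flags the entries an analyst checks first by eye: a modified hosts file, code files (exe/dll/sys and similar) dropped directly into the Windows or System32 directories with no company name, and code files carrying hidden or system attributes. The rules are this example's own heuristics, not detections the thread makes, and the sample lines (including `example_hidden.dll`) are constructed for the demonstration.

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code).

OTL file lines look like
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
where attrs is a four-character field (R, H, S, D or '-') and C/M marks the
Created / Modified sections. The triage rules below are assumptions of this
example: they mirror what an analyst looks for when reading such a log.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

OTL_LINE = re.compile(
    r"^\s*\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Extensions that load as code; hidden or anonymous files here matter most.
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")
# Directories where a dropped, company-less code file is worth a look.
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
HOSTS = "c:\\windows\\system32\\drivers\\etc\\hosts"


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    kind: str      # 'C' = Created section, 'M' = Modified section
    company: str
    path: str


def parse_otl(lines: Iterable[str]) -> List[Entry]:
    """Parse OTL file lines; headers, blanks and summary lines are skipped."""
    entries = []
    for line in lines:
        m = OTL_LINE.match(line)
        if not m:
            continue
        entries.append(Entry(
            date=m["date"], time=m["time"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"].strip(), path=m["path"],
        ))
    return entries


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in one of SYSTEM_DIRS (not a subfolder)."""
    return path.lower().rsplit("\\", 1)[0] in SYSTEM_DIRS


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries worth a closer look.

    The same path often appears in both the Created and Modified sections,
    so reasons are de-duplicated per path.
    """
    findings: Dict[str, List[str]] = {}
    for e in parse_otl(lines):
        low = e.path.lower()
        is_code = low.endswith(CODE_EXT)
        reasons = []
        if low == HOSTS:
            reasons.append("hosts file modified (check for redirect entries)")
        if is_code and in_system_dir(e.path) and not e.company:
            reasons.append("code file in system directory with no company name")
        if is_code and ("H" in e.attrs or "S" in e.attrs):
            reasons.append("code file carries hidden/system attribute")
        for r in reasons:
            findings.setdefault(e.path, [])
            if r not in findings[e.path]:
                findings[e.path].append(r)
    return findings


# Constructed sample in OTL format (example_hidden.dll is invented for the demo).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/11/13 13:01:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/13 10:47:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/11/12 03:14:15 | 000,061,440 | -HS- | M] () -- C:\WINDOWS\System32\example_hidden.dll
[2011/11/12 03:14:15 | 000,061,440 | -HS- | C] () -- C:\WINDOWS\System32\example_hidden.dll
[2011/11/10 19:57:11 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

    Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. A hit is a pointer, not a verdict: several legitimate products (printer suites, game DRM, driver installers) ship unsigned, company-less files into System32, so each flagged path still needs its hash checked against a reputation service and its timestamps compared with the first symptoms.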
  21. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    The Extras.txt:


    OTL Extras logfile created on: 11/13/2011 4:50:01 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.65% Memory free
    3.35 Gb Paging File | 2.47 Gb Available in Paging File | 73.87% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 35.57 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
    Drive D: | 675.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DANIEL-Q09D8YI1 | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Lexmark 1400 Series\app4r.exe" = C:\Program Files\Lexmark 1400 Series\app4r.exe:*:Enabled:printing Application

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\WINDOWS\system32\lxdjcoms.exe" = C:\WINDOWS\system32\lxdjcoms.exe:*:Enabled:1400 Series Server -- ( )
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe:*:Enabled: -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe:*:Enabled: -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe:*:Enabled: -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjwbgw.exe:*:Enabled: -- ()
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Steam\SteamApps\huthah\half-life\hl.exe" = C:\Program Files\Steam\SteamApps\huthah\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
    "C:\Program Files\Steam\SteamApps\common\grand theft auto 2\gta2.exe" = C:\Program Files\Steam\SteamApps\common\grand theft auto 2\gta2.exe:*:Enabled:Grand Theft Auto 2 -- (Rockstar North)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
    "{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
    "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
    "{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
    "{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
    "{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
    "{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
    "{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
    "{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
    "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
    "{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
    "{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
    "{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
    "{6478FF30-60A5-4CAE-AC7E-B04309EFDE5D}" = The Secret of the Silver Earring
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
    "{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
    "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
    "{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
    "{958DE2CC-E767-405F-91EA-B0E899AB582C}" = 802.11 Wireless Client Utility
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
    "{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
    "{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
    "{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
    "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
    "{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
    "{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
    "{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
    "{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
    "{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "All ATI Software" = ATI - Software Uninstall Utility
    "Army Men II" = Army Men II
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "BitTorrent" = BitTorrent
    "BOSS" = BOSS
    "Browser Defender_is1" = Browser Defender 4.0
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Chatango" = Chatango Message Catcher
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "DaggerfallSetup_is1" = Daggerfall
    "EOS Utility" = Canon Utilities EOS Utility
    "Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
    "GCFScape_is1" = GCFScape 1.8.2
    "Google Updater" = Google Updater
    "Half-Life 2 Runes" = Half-Life 2 Runes
    "HLFX: Lost in Black Mesa" = HLFX: Lost in Black Mesa
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MS Access 97 SP2" = MS Access 97 SP2
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "N360" = Norton 360
    "NSS" = Norton Security Scan
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Puzzle Collection" = Microsoft Entertainment Pack: The Puzzle Collection
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "Reissues" = Reissues Final 1.1
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Spyware Doctor" = PC Tools Spyware Doctor 9.0
    "Steam App 12180" = Grand Theft Auto 2
    "Steam App 211" = Source SDK
    "Steam App 215" = Source SDK Base
    "Steam App 218" = Source SDK Base - Orange Box
    "Steam App 220" = Half-Life 2
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 70" = Half-Life
    "Streets of Rage 2_is1" = Streets of Rage 2
    "SvenCoop" = Sven Co-op 4.0B
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "Unlocker" = Unlocker 1.8.9
    "VTF Explorer_is1" = VTF Explorer 1.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2011 12:41:37 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
    fallout3.exe, version 1.7.0.3, fault address 0x000e868e.

    Error - 11/6/2011 12:42:29 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
    fallout3.exe, version 1.7.0.3, fault address 0x00119241.

    Error - 11/6/2011 12:53:04 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
    fallout3.exe, version 1.7.0.3, fault address 0x00119241.

    Error - 11/6/2011 12:53:15 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1001
    Description = Fault bucket 1570335455.

    Error - 11/6/2011 12:53:44 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
    fallout3.exe, version 1.7.0.3, fault address 0x00119241.

    Error - 11/10/2011 7:40:42 PM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application stuffit14.exe, version 14.0.0.18, faulting module
    stuffit14.exe, version 14.0.0.18, fault address 0x00090067.

    Error - 11/11/2011 6:13:13 PM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
    Description = Faulting application stuffit14.exe, version 14.0.0.18, faulting module
    urlmon.dll, version 6.0.2900.6148, fault address 0x0000e9e6.

    Error - 11/12/2011 4:12:27 PM | Computer Name = DANIEL-Q09D8YI1 | Source = MBAMService | ID = 131073
    Description =

    Error - 11/12/2011 6:27:32 PM | Computer Name = DANIEL-Q09D8YI1 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/12/2011 6:27:32 PM | Computer Name = DANIEL-Q09D8YI1 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 11/13/2011 12:47:50 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/13/2011 12:47:56 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/13/2011 12:47:58 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/13/2011 12:48:20 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/13/2011 12:49:08 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/13/2011 5:00:16 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 11/13/2011 5:00:47 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 11/13/2011 5:01:18 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 11/13/2011 5:01:48 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 11/13/2011 10:00:34 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    I can't continue because you didn't answer my question:
  23. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    To tell the truth, things are much better! Google doesn't redirect me anymore, and my webpages load normally again instead of taking forever and often losing the connection. If it's OK to check Norton 360 again, I'll let you know if it's running again.
  24. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Good news :)

    Yes you can re-enable Norton.

    I'll check your OTL logs now.....
  25. VarusTech

    VarusTech Newcomer, in training Topic Starter Posts: 22

    I'm having trouble starting Norton 360. I can click on the desktop icon but nothing loads; also, when I try starting Norton as a New Task in Task Manager it still won't start. Is this from the malware or is this a problem with Norton itself?

