TechSpot

Infected with tidserv trojan

Solved
By uNo
Mar 31, 2011
  1. Running Windows 7 and I began getting pop-up notifications from Norton SEP saying "tidserv activity detected" & "Web Attack: Blackhole Toolkit Website detected". I have already gone through the 8(6) steps and here are the logs: (Please Help)

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6230

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/31/2011 6:27:16 PM
    mbam-log-2011-03-31 (18-27-16).txt

    Scan type: Quick scan
    Objects scanned: 145648
    Time elapsed: 3 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    gmer.log:

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-03-31 18:45:51
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS725050A9A364 rev.PC4OC70E
    Running: qhflcuhb.exe; Driver: C:\Users\ul7o\AppData\Local\Temp\kxldapog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 85B461F8
    Device \Driver\atapi \Device\Ide\IdePort1 85B461F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B461F8
    Device \Driver\ag1277wm \Device\Scsi\ag1277wm1 86FA01F8
    Device \Driver\ag1277wm \Device\Scsi\ag1277wm1Port2Path0Target0Lun0 86FA01F8
    Device \FileSystem\Ntfs \Ntfs 85B481F8

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS725050A9A364_________________PC4OC70E#5&a3fa7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by ul7o at 19:00:53.86 on Thu 03/31/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2262 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\RealTemp_340\RealTemp.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\ul7o\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
    uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\realtemp.lnk - c:\program files\realtemp_340\RealTemp.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn2.safelnk.net/dana-cached/sc/JuniperSetupClient.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ul7o\appdata\roaming\mozilla\firefox\profiles\18gf7str.default\
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23:42];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-8-26 87536]
    R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2010-12-18 504832]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-30 102448]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\realtemp_340\WinRing0.sys [2010-12-18 14416]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-03-30 02:13:45 -------- d-----w- c:\users\ul7o\appdata\roaming\Malwarebytes
    2011-03-30 02:13:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-30 02:13:40 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-30 02:13:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-30 02:13:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-30 01:30:33 0 ----a-w- c:\users\ul7o\appdata\local\Xjuwayew.bin
    2011-03-30 01:30:31 -------- d-----w- c:\users\ul7o\appdata\local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
    2011-03-30 00:58:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-03-30 00:58:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-03-30 00:58:25 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-03-30 00:58:25 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-03-30 00:58:25 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-03-30 00:58:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-03-30 00:58:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-03-30 00:58:25 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-03-17 21:42:43 -------- d-----w- c:\windows\system32\SPReview
    2011-03-10 22:41:18 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-10 22:41:18 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-10 22:41:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-10 22:41:16 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 22:41:16 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-07 06:30:53 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-07 05:59:55 -------- d-----w- c:\windows\pss
    2011-03-04 23:24:42 -------- d-----w- c:\progra~2\Maxtor
    2011-03-04 23:23:44 -------- d-----w- c:\program files\Seagate
    2011-03-04 23:21:33 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    .
    ==================== Find3M ====================
    .
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: Hitachi_HTS725050A9A364 rev.PC4OC70E -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll HSX_CNXT.sys >>UNKNOWN [0x86A04439]<<
    c:\windows\system32\drivers\HSX_CNXT.sys Conexant Systems, Inc. SoftK56 Modem Driver
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86a0a7d0]; MOV EAX, [0x86a0a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C54458] -> \Device\Harddisk0\DR0[0x869E1408]
    3 CLASSPNP[0x8C2EE59E] -> ntkrnlpa!IofCallDriver[0x82C54458] -> [0x86875918]
    5 ACPI[0x833B63B2] -> ntkrnlpa!IofCallDriver[0x82C54458] -> \IdeDeviceP0T0L0-0[0x85BAC590]
    \Driver\atapi[0x869E5030] -> IRP_MJ_CREATE -> 0x86A04439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS725050A9A364_________________PC4OC70E#5&a3fa7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 19:01:18.93 ===============

    DDS Attachment.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/18/2010 7:28:29 PM
    System Uptime: 3/31/2011 6:20:29 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0FP985
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 75.601 GiB free.
    D: is FIXED (NTFS) - 366 GiB total, 336.914 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP62: 3/17/2011 5:42:29 PM - Windows 7 Service Pack 1
    RP63: 3/30/2011 12:39:57 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ACDSee Pro 3
    Adobe AIR
    Adobe Audition 3.0
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    BlackArmor Discovery
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D110 MDC V.92 Modem
    Creative MediaSource 5
    CyberLink PowerDVD 10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Wireless WLAN Card
    DU Meter
    High-Definition Video Playback 10
    Java Auto Updater
    Java(TM) 6 Update 23
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    K-Lite Mega Codec Pack 6.6.6
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech QuickCam
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIRC
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero Burning ROM 10
    Nero Control Center 10
    Nero Core Components 10
    Nero Dolby Files 10
    Nero Express 10
    Nero Multimedia Suite 10
    Nero StartSmart 10
    NVIDIA Drivers
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    PDF Settings CS5
    QT Lite 4.0.0
    QuickSet
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    SigmaTel Audio
    Sound Blaster Audigy ADVANCED MB
    Symantec Endpoint Protection
    Synaptics Pointing Device Driver
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Winamp
    WinRAR archiver
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/31/2011 6:21:15 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
    3/31/2011 6:19:14 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    3/30/2011 9:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
    3/30/2011 9:44:41 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:44:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    3/30/2011 9:44:11 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:43:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:43:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    3/30/2011 9:43:11 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:41:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    3/30/2011 9:41:19 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:40:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    3/30/2011 9:40:49 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:38:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    3/30/2011 9:38:57 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:38:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    3/30/2011 9:38:27 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:37:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/30/2011 9:37:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
    3/30/2011 9:37:27 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:36:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    3/30/2011 9:36:57 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 9:36:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    3/30/2011 9:36:27 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 11:09:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/30/2011 11:09:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    3/30/2011 11:06:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    3/30/2011 11:06:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:49:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/30/2011 10:29:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/30/2011 10:29:33 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    3/30/2011 10:28:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    3/30/2011 10:28:11 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/30/2011 10:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
    3/30/2011 10:23:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    3/29/2011 9:39:28 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    3/29/2011 9:22:47 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    3/29/2011 9:22:47 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    3/29/2011 9:17:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: An instance of the service is already running.
    3/29/2011 9:17:38 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/29/2011 9:17:37 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/29/2011 11:45:04 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
    3/29/2011 10:09:44 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
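As an added example (not code from this thread, from Broni, or from Kaspersky's TDSSKiller), here is a small Python triage helper for the report TDSSKiller writes: it parses the line format posted later in this thread (timestamp, PID, then either a driver entry "name (md5) path", a "Suspicious file (...)" notice, or a "name - detected ..." verdict), cross-references each finding with the driver enumeration so it carries a path and MD5 an analyst can look up, and ignores banner and separator lines. The regexes assume the 2.4.x line layout shown on this page; the embedded sample report is constructed from a few lines of that log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Report line: "<yyyy/mm/dd hh:mm:ss.ffff> <pid> <message>"
# (layout as posted in this thread for TDSSKiller 2.4.21.0; other versions may differ).
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s*(.*)$")
# Driver enumeration line: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict line: "<service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
# Suspicious-file notice: "Suspicious file (<reason>): <path>. md5: <md5>"
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-fA-F]{32})$")


@dataclass
class Driver:
    service: str
    md5: str
    path: str


@dataclass
class Finding:
    service: Optional[str]   # taken from the driver list when the line itself does not name it
    verdict: str             # e.g. "Suspicious file (NoAccess)" or "Locked file"
    path: Optional[str]
    md5: Optional[str]


@dataclass
class Report:
    os_version: Optional[str] = None
    drivers: List[Driver] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Parse a TDSSKiller report; banner, separator and status lines are skipped."""
    rep = Report()
    by_md5: Dict[str, Driver] = {}
    by_service: Dict[str, Driver] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg.startswith("OS Version:"):
            rep.os_version = msg.split(":", 1)[1].strip()
            continue
        s = SUSP_RE.match(msg)
        if s:  # the notice carries path+md5 but not the service name: resolve it via md5
            reason, path, md5 = s.groups()
            drv = by_md5.get(md5.lower())
            rep.findings.append(Finding(drv.service if drv else None,
                                        f"Suspicious file ({reason})", path, md5.lower()))
            continue
        t = DETECT_RE.match(msg)
        if t:  # the verdict names the service only: resolve path+md5 via the driver list
            service, verdict = t.groups()
            drv = by_service.get(service)
            rep.findings.append(Finding(service, verdict,
                                        drv.path if drv else None, drv.md5 if drv else None))
            continue
        d = DRIVER_RE.match(msg)
        if d:
            service, md5, path = d.groups()
            drv = Driver(service, md5.lower(), path)
            rep.drivers.append(drv)
            by_md5[drv.md5] = drv
            by_service[service] = drv
    return rep


def flagged_services(rep: Report) -> List[str]:
    """Distinct service names that have at least one finding, sorted for stable output."""
    return sorted({f.service for f in rep.findings if f.service})


# Constructed sample: a few lines in the shape of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/04/01 17:25:51.0681 6128 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 17:25:51.0702 6128 ================================================================================
2011/04/01 17:25:51.0703 6128 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/01 17:26:12.0536 4204 Scan started
2011/04/01 17:26:14.0548 4204 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/01 17:26:16.0451 4204 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/01 17:26:23.0419 4204 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 17:26:23.0419 4204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/01 17:26:23.0431 4204 sptd - detected Locked file (1)
"""

if __name__ == "__main__":
    rep = parse_report(SAMPLE_LOG)
    print(f"OS {rep.os_version}: {len(rep.drivers)} drivers enumerated, "
          f"{len(rep.findings)} finding(s) on {flagged_services(rep)}")
    for f in rep.findings:
        print(f"  {f.service}: {f.verdict}  path={f.path}  md5={f.md5}")
```

A "Locked file" or "NoAccess" verdict only means TDSSKiller could not read the driver; the helper surfaces the path and hash so the analyst can verify the file rather than treating the line as a confirmed infection.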
     
  3. uNo

    uNo TS Rookie Topic Starter

    Done. Here is the TDSSKiller log:

    2011/04/01 17:25:51.0681 6128 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/01 17:25:51.0702 6128 ================================================================================
    2011/04/01 17:25:51.0702 6128 SystemInfo:
    2011/04/01 17:25:51.0702 6128
    2011/04/01 17:25:51.0703 6128 OS Version: 6.1.7600 ServicePack: 0.0
    2011/04/01 17:25:51.0703 6128 Product type: Workstation
    2011/04/01 17:25:51.0703 6128 ComputerName: UL7O-PC
    2011/04/01 17:25:51.0704 6128 UserName: ul7o
    2011/04/01 17:25:51.0704 6128 Windows directory: C:\Windows
    2011/04/01 17:25:51.0704 6128 System windows directory: C:\Windows
    2011/04/01 17:25:51.0704 6128 Processor architecture: Intel x86
    2011/04/01 17:25:51.0704 6128 Number of processors: 2
    2011/04/01 17:25:51.0704 6128 Page size: 0x1000
    2011/04/01 17:25:51.0704 6128 Boot type: Normal boot
    2011/04/01 17:25:51.0704 6128 ================================================================================
    2011/04/01 17:25:52.0116 6128 Initialize success
    2011/04/01 17:26:12.0536 4204 ================================================================================
    2011/04/01 17:26:12.0536 4204 Scan started
    2011/04/01 17:26:12.0536 4204 Mode: Manual;
    2011/04/01 17:26:12.0536 4204 ================================================================================
    2011/04/01 17:26:23.0419 4204 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/04/01 17:26:23.0419 4204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/04/01 17:26:23.0431 4204 sptd - detected Locked file (1)
    2011/04/01 17:26:26.0881 4204 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/01 17:26:26.0886 4204 ================================================================================
    2011/04/01 17:26:26.0886 4204 Scan finished
    2011/04/01 17:26:26.0886 4204 ================================================================================
    2011/04/01 17:26:26.0896 4112 Detected object count: 2
    2011/04/01 17:26:53.0729 4112 Locked file(sptd) - User select action: Skip
    2011/04/01 17:26:53.0779 4112 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/01 17:26:53.0779 4112 \HardDisk0 - ok
    2011/04/01 17:26:53.0780 4112 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/01 17:27:04.0895 6104 Deinitialize success
     
  4. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. uNo

    uNo TS Rookie Topic Starter

    Done. Here are the logs:

    MBRCheck log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: MXC062
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 226):

    Processes (total 61):
    0 System Idle Process
    4 System
    284 C:\Windows\System32\smss.exe
    416 csrss.exe
    500 csrss.exe
    508 C:\Windows\System32\wininit.exe
    556 C:\Windows\System32\winlogon.exe
    604 C:\Windows\System32\services.exe
    612 C:\Windows\System32\lsass.exe
    624 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\nvvsvc.exe
    816 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    992 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1060 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1288 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    1304 C:\Windows\System32\rundll32.exe
    1404 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\WLTRYSVC.EXE
    1512 C:\Windows\System32\wlanext.exe
    1520 C:\Windows\System32\conhost.exe
    1528 C:\Windows\System32\BCMWLTRY.EXE
    1552 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    1836 C:\Windows\System32\spoolsv.exe
    1880 C:\Windows\System32\svchost.exe
    1968 C:\Windows\System32\taskhost.exe
    324 C:\Windows\System32\dwm.exe
    732 C:\Windows\explorer.exe
    2024 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    1036 C:\Windows\System32\CTSVCCDA.EXE
    2244 C:\Program Files\DU Meter\DUMeterSvc.exe
    2312 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    2380 C:\Windows\System32\rundll32.exe
    2404 C:\Windows\System32\stacsv.exe
    2424 C:\Windows\System32\rundll32.exe
    2588 C:\Windows\System32\WLTRAY.EXE
    2636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2748 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    2828 C:\Program Files\DU Meter\DUMeter.exe
    2840 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
    2884 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2908 C:\Program Files\Dell\QuickSet\quickset.exe
    2928 C:\Program Files\RealTemp_340\RealTemp.exe
    3052 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    3356 WmiPrvSE.exe
    3548 C:\Windows\System32\SearchIndexer.exe
    3648 C:\Windows\System32\svchost.exe
    3712 C:\Windows\System32\svchost.exe
    2196 C:\Windows\System32\svchost.exe
    2580 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1440 C:\Program Files\Internet Explorer\iexplore.exe
    312 C:\Program Files\Internet Explorer\iexplore.exe
    4688 C:\Program Files\Internet Explorer\iexplore.exe
    5304 C:\Windows\System32\sppsvc.exe
    5460 C:\Users\ul7o\Desktop\MBRCheck.exe
    5476 C:\Windows\System32\conhost.exe
    5532 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`00000000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC70E

    Size       Device Name          MBR Status
    --------------------------------------------
    465 GB     \\.\PhysicalDrive0   Windows 7 MBR code detected
               SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix.txt:

    ComboFix 11-04-01.01 - ul7o 04/01/2011 22:51:30.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2459 [GMT -4:00]
    Running from: c:\users\ul7o\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
    c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome.manifest
    c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome\content\_cfg.js
    c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome\content\overlay.xul
    c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\install.rdf
    c:\users\ul7o\AppData\Roaming\Adobe\plugs
    c:\users\ul7o\AppData\Roaming\Adobe\shed
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-02 02:55 . 2011-04-02 02:56 -------- d-----w- c:\users\ul7o\AppData\Local\temp
    2011-04-02 02:55 . 2011-04-02 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\users\ul7o\AppData\Roaming\Malwarebytes
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-30 02:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-30 02:13 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-30 01:30 . 2011-03-30 01:30 0 ----a-w- c:\users\ul7o\AppData\Local\Xjuwayew.bin
    2011-03-30 01:17 . 2011-03-30 01:17 -------- d-----w- c:\windows\Sun
    2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-30 00:58 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-30 00:58 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-30 00:58 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-17 21:42 . 2011-03-17 21:42 -------- d-----w- c:\windows\system32\SPReview
    2011-03-10 22:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-10 22:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-10 22:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-10 22:41 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 22:41 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-07 06:30 . 2011-03-07 06:30 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-04 23:24 . 2011-03-04 23:24 -------- d-----w- c:\programdata\Maxtor
    2011-03-04 23:23 . 2011-03-04 23:23 -------- d-----w- c:\program files\Seagate
    2011-03-04 23:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 07:27 . 2011-02-11 04:05 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33 . 2011-02-11 04:05 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-02 20:07 . 2011-01-02 20:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-03-18 17:53 . 2011-03-30 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
    "Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-12-19 45056]
    RealTemp.lnk - c:\program files\RealTemp_340\RealTemp.exe [2010-12-18 184176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^ul7o^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\ul7o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-08-26 10:18 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-02-13 15:37 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-02-13 15:38 774680 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
    2010-02-03 05:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-02 691696]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 17:18 87536]
    S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-17 102448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WINRING0_1_2_0
    *Deregistered* - WinRing0_1_2_0
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    FF - ProfilePath - c:\users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\ul7o\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
    "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.032"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.abr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ani"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.apd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.arw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bay"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cr2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.crw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cs1"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cur"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dib"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djv"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djvu"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dng"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.emf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.eps"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.erf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fpx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.gif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.hdr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icl"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icn"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.iff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ilbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.int"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.inta"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iw4"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2c"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2k"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jbr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jfif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jp2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpe"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpeg"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpg"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpk"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.kdc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.lbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mos"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mrw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.nef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.nrw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.orf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pct"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pgm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pic"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pict"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pix"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.png"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ppm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspimage"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.raf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ras"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.raw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgb"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgba"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rle"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rsb"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rw2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rwl"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sgi"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sr2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.srf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tga"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.thm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tiff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30po"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30pp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wmf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xpm"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-01 22:57:41
    ComboFix-quarantined-files.txt 2011-04-02 02:57
    .
    Pre-Run: 80,655,441,920 bytes free
    Post-Run: 80,314,445,824 bytes free
    .
    - - End Of File - - 4C7B4556BCEC273B0751D5F100E5E149
     
  6. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\ul7o\AppData\Local\Xjuwayew.bin
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  7. uNo

    uNo TS Rookie Topic Starter

    Done. ComboFix took 5 times as long as it did the 1st time around. Here is the log:

    ComboFix 11-04-01.01 - ul7o 04/01/2011 23:27:19.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2449 [GMT -4:00]
    Running from: c:\users\ul7o\Desktop\ComboFix.exe
    Command switches used :: c:\users\ul7o\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\ul7o\AppData\Local\Xjuwayew.bin"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ul7o\AppData\Local\Xjuwayew.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-02 03:36 . 2011-04-02 03:37 -------- d-----w- c:\users\ul7o\AppData\Local\temp
    2011-04-02 03:36 . 2011-04-02 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\users\ul7o\AppData\Roaming\Malwarebytes
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-30 02:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-30 02:13 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-30 01:17 . 2011-03-30 01:17 -------- d-----w- c:\windows\Sun
    2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-30 00:58 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-30 00:58 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-30 00:58 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-30 00:58 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-17 21:42 . 2011-03-17 21:42 -------- d-----w- c:\windows\system32\SPReview
    2011-03-10 22:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-10 22:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-10 22:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-10 22:41 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 22:41 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-07 06:30 . 2011-03-07 06:30 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-04 23:24 . 2011-03-04 23:24 -------- d-----w- c:\programdata\Maxtor
    2011-03-04 23:23 . 2011-03-04 23:23 -------- d-----w- c:\program files\Seagate
    2011-03-04 23:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 07:27 . 2011-02-11 04:05 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33 . 2011-02-11 04:05 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-02 20:07 . 2011-01-02 20:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-03-18 17:53 . 2011-03-30 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
    "Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-12-19 45056]
    RealTemp.lnk - c:\program files\RealTemp_340\RealTemp.exe [2010-12-18 184176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^ul7o^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\ul7o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-08-26 10:18 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-02-13 15:37 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-02-13 15:38 774680 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
    2010-02-03 05:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-02 691696]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 17:18 87536]
    S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-17 102448]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    FF - ProfilePath - c:\users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
    "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.032"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.abr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ani"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.apd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.arw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bay"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cr2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.crw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cs1"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cur"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dib"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djv"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djvu"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dng"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.emf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.eps"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.erf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fpx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.gif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.hdr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icl"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icn"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.iff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ilbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.int"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.inta"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iw4"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2c"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2k"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jbr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jfif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jp2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpe"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpeg"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpg"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpk"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.kdc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.lbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mos"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mrw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.nef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.nrw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.orf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbr"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pct"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcx"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pef"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pgm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pic"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pict"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pix"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.png"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ppm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psd"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspimage"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.raf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ras"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.raw"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgb"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgba"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rle"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rsb"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rw2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rwl"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sgi"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sr2"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.srf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tga"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.thm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tiff"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttc"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30po"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30pp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wmf"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xbm"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xif"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xmp"
    .
    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xpm"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-01 23:47:09
    ComboFix-quarantined-files.txt 2011-04-02 03:47
    ComboFix2.txt 2011-04-02 02:57
    .
    Pre-Run: 80,476,246,016 bytes free
    Post-Run: 80,437,633,024 bytes free
    .
    - - End Of File - - C9CF1E7314AB59AC36AD8E32B24559A3
  8. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. uNo

    uNo TS Rookie Topic Starter

    Done.

    OTL.txt:

    OTL logfile created on: 4/2/2011 12:00:12 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ul7o\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.90 Gb Total Space | 74.97 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
    Drive D: | 365.76 Gb Total Space | 336.91 Gb Free Space | 92.11% Space Free | Partition Type: NTFS

    Computer Name: UL7O-PC | User Name: ul7o | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
    PRC - [2010/12/19 16:28:16 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2009/03/13 14:13:12 | 001,058,816 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
    PRC - [2009/03/13 14:13:12 | 000,504,832 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2006/11/09 11:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/19 16:28:16 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2009/03/13 14:13:12 | 000,504,832 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/02/13 11:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/02/15 11:33:34 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/02/15 11:33:34 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/02/15 11:33:34 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\NAVENG.SYS -- (NAVENG)
    DRV - [2011/01/02 16:07:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/12/18 20:44:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/12/17 11:06:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/08/26 13:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/18 20:23:42] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2009/09/17 19:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2009/09/17 19:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2009/05/27 15:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2009/01/30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/02/13 11:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/02/13 11:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/02/13 11:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2006/11/20 19:07:00 | 001,085,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Dell Notebooks(UVC)
    DRV - [2006/11/20 19:07:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 96 17 4A B7 9F CB 01 [binary data]
    IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 20:58:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 21:40:50 | 000,000,000 | ---D | M]

    [2010/12/19 18:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ul7o\AppData\Roaming\Mozilla\Extensions
    [2010/12/19 18:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\extensions
    [2011/03/29 20:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/18 21:34:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    File not found (No name found) -- C:\USERS\UL7O\APPDATA\LOCAL\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/12/18 21:34:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/01 23:36:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn2.safelnk.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/01 23:58:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
    [2011/04/01 23:47:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/01 23:47:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/01 23:47:24 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Local\temp
    [2011/04/01 23:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/01 22:50:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/01 22:50:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/01 22:50:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/01 22:50:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/01 22:49:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/01 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\ul7o\Desktop\tdsskiller
    [2011/04/01 17:23:08 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Roaming\WinRAR
    [2011/03/31 18:17:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe
    [2011/03/29 22:13:45 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Roaming\Malwarebytes
    [2011/03/29 22:13:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/29 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/29 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/29 22:13:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/29 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/29 21:40:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/03/29 21:17:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/03/17 17:42:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/03/07 02:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/03/07 02:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2011/03/07 01:59:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/03/04 19:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Maxtor
    [2011/03/04 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2011/03/04 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate

    ========== Files - Modified Within 30 Days ==========

    [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
    [2011/04/01 23:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/01 23:08:15 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/01 23:08:15 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/01 23:05:21 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/01 23:05:21 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/01 23:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/01 23:00:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2011/04/01 23:00:41 | 2615,820,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/01 22:25:48 | 004,311,769 | R--- | M] () -- C:\Users\ul7o\Desktop\ComboFix.exe
    [2011/04/01 22:23:13 | 000,080,384 | ---- | M] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
    [2011/03/31 18:53:51 | 000,625,664 | ---- | M] () -- C:\Users\ul7o\Desktop\dds.scr
    [2011/03/31 18:31:52 | 000,301,568 | ---- | M] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
    [2011/03/31 18:17:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe
    [2011/03/29 21:30:33 | 000,000,120 | ---- | M] () -- C:\Users\ul7o\AppData\Local\Kgojazalebin.dat
    [2011/03/29 20:58:34 | 000,001,990 | ---- | M] () -- C:\Users\ul7o\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/29 20:58:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/03/21 17:31:45 | 279,641,961 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/05 23:12:32 | 001,420,741 | ---- | M] () -- C:\Users\ul7o\Desktop\Baptism.mp3
    [2011/03/05 22:35:38 | 010,249,960 | ---- | M] () -- C:\Users\ul7o\Desktop\04_Baptism_(Album_Version).mp3

    ========== Files Created - No Company Name ==========

    [2011/04/01 22:50:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/01 22:50:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/01 22:50:20 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/01 22:50:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/01 22:50:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/01 22:25:45 | 004,311,769 | R--- | C] () -- C:\Users\ul7o\Desktop\ComboFix.exe
    [2011/04/01 22:23:13 | 000,080,384 | ---- | C] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
    [2011/03/31 18:53:49 | 000,625,664 | ---- | C] () -- C:\Users\ul7o\Desktop\dds.scr
    [2011/03/31 18:31:49 | 000,301,568 | ---- | C] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
    [2011/03/29 21:30:33 | 000,000,120 | ---- | C] () -- C:\Users\ul7o\AppData\Local\Kgojazalebin.dat
    [2011/03/29 20:58:27 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/29 20:58:27 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/03/15 21:26:09 | 008,751,795 | ---- | C] () -- C:\Users\ul7o\Desktop\Control_Systems_Engineering_By_Nise_Solution_Manual.pdf
    [2011/03/05 23:12:24 | 001,420,741 | ---- | C] () -- C:\Users\ul7o\Desktop\Baptism.mp3
    [2011/03/05 22:35:38 | 010,249,960 | ---- | C] () -- C:\Users\ul7o\Desktop\04_Baptism_(Album_Version).mp3
    [2010/12/19 18:40:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/12/19 16:47:23 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2010/12/19 16:47:22 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2010/12/19 16:47:22 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2010/12/19 16:22:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/12/19 16:13:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2010/12/19 16:10:44 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2010/12/19 16:10:43 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2010/12/18 21:37:37 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2010/12/18 21:35:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/12/18 21:35:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/12/18 21:35:01 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/12/18 21:35:01 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/12/18 21:35:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:33:53 | 003,762,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2007/02/13 11:42:28 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2007/02/13 11:39:54 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
    [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/12/18 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\ACD Systems
    [2011/01/02 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\DAEMON Tools Lite
    [2010/12/28 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\Juniper Networks
    [2011/03/30 23:04:05 | 000,025,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/04/01 23:47:14 | 000,031,479 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/04/01 23:00:41 | 2615,820,288 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/19 16:10:35 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2010/12/19 16:10:35 | 000,022,729 | ---- | M] () -- C:\newkey
    [2011/04/01 23:00:45 | 3487,764,480 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/01 17:27:04 | 000,073,942 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.04.2011_17.25.51_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/18 20:57:19 | 000,000,221 | -HS- | M] () -- C:\Users\ul7o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/01 22:25:48 | 004,311,769 | R--- | M] () -- C:\Users\ul7o\Desktop\ComboFix.exe
    [2011/04/01 22:23:13 | 000,080,384 | ---- | M] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
    [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
    [2011/03/31 18:31:52 | 000,301,568 | ---- | M] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
    [2011/03/31 18:17:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2007/10/10 19:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/18 22:04:52 | 000,000,402 | -HS- | M] () -- C:\Users\ul7o\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  10. uNo

    uNo TS Rookie Topic Starter

    Extras.txt:

    OTL Extras logfile created on: 4/2/2011 12:00:12 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ul7o\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.90 Gb Total Space | 74.97 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
    Drive D: | 365.76 Gb Total Space | 336.91 Gb Free Space | 92.11% Space Free | Partition Type: NTFS

    Computer Name: UL7O-PC | User Name: ul7o | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9932886E-7874-4BA1-A1AA-E61EA5A9352D}" = Logitech QuickCam
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DUMeter3_is1" = DU Meter
    "InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "mIRC" = mIRC
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "quicktime_lite_is1" = QT Lite 4.0.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/30/2011 9:29:54 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
    scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
    file was deleted successfully.

    Error - 3/30/2011 9:34:31 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x430 Faulting application start time: 0x01cbef41de317ad2 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 0629d9ca-5b37-11e0-8c3d-8b86ceba1050

    Error - 3/30/2011 10:13:03 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Risk Found!Backdoor.Trojan in File: d:\For Bubs\ETAP 6 PETA. MEDICINE.zip
    by: Manual scan. Action: Compressed file processing succeeded. Action Description:
    The file was left unchanged. Security Risk Found!Backdoor.Trojan in File: d:\For
    Bubs\ETAP 6 PETA. MEDICINE.zip by: Manual scan. Action: Compressed file processing
    succeeded. Action Description: The file was left unchanged. Security Risk Found!Backdoor.Trojan
    in File: d:\Free To Air\Cool Sat\ROM102\Utilties.zip>>...>>AutoPlay/Docs/wiem32_build_12/wiem32.exe
    by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
    deleted successfully. Risk Found!Backdoor.Trojan in File: d:\Free To Air\Cool Sat\ROM102\Utilties.zip>>...>>AutoPlay/Docs/wiem32_build_12/wiem32.exe
    by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
    deleted successfully.

    Error - 3/30/2011 10:47:56 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x430 Faulting application start time: 0x01cbef4c1a7524f5 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 47e4e3a9-5b41-11e0-b5c1-c5b157973f56

    Error - 3/30/2011 11:04:05 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x1598 Faulting application start time: 0x01cbef4e0b9015f8 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 891d32c6-5b43-11e0-b5c1-c5b157973f56

    Error - 3/31/2011 6:19:14 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
    C:\Users\ul7o\Desktop\TFC.exe (PID 5656) Time: Thursday, March 31, 2011 6:19:14
    PM

    Error - 3/31/2011 6:19:14 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged
    Actor
    Process: C:\Users\ul7o\Desktop\TFC.exe (PID 5656) Time: Thursday, March 31, 2011
    6:19:14 PM

    Error - 3/31/2011 9:16:24 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 3/31/2011 10:16:37 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 3/31/2011 11:16:35 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    [ System Events ]
    Error - 4/1/2011 10:59:24 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 4/1/2011 11:01:11 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 4/1/2011 11:01:14 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 4/1/2011 11:01:16 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 4/1/2011 11:01:17 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 4/1/2011 11:26:02 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 4/1/2011 11:26:56 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 4/1/2011 11:26:58 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/1/2011 11:30:33 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/1/2011 11:37:07 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Looks good :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
     
  12. uNo

    uNo TS Rookie Topic Starter

    Done.

    Here is the SecurityCheck log:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec Endpoint Protection
    BlackArmor Discovery
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X (10.0.1)
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````

    I received these 2 notification alerts from Symantec after I ran TFC:

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    Event Info: Terminate Process
    Action Taken: Logged
    Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
    Time: Saturday, April 02, 2011 2:09:40 PM

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    Event Info: Terminate Process
    Action Taken: Logged
    Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
    Time: Saturday, April 02, 2011 2:09:40 PM


    Finally, here is the log from ESETScan:

    D:\BACK UP\-=Applications=-\Nero Ultra 8.3.6.0\Nero-8.3.6.0_eng_trial (from Nero site).exe Win32/Toolbar.AskSBar application

    Thank You for your help.
     
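    The SecurityCheck report above (and the update/check steps Broni asked for in post 11) boil down to one question: which installed components are behind a known-good baseline? The script below is an added example, not SecurityCheck's own code: it re-reads the report text as posted, pulls the product versions out of the free-form lines, compares them against a baseline, and collects the tool's own warning lines (UAC disabled, out-of-date Java and Firefox, missing WMI entry). The baseline versions are a constructed assumption for illustration, not a published vendor table; the parsing patterns are written for the line formats that appear in this report.

    ```python
    """Re-check a SecurityCheck-style report against a version baseline.

    Added example, not SecurityCheck's code. REPORT is the log as posted in the
    thread; BASELINE is a constructed assumption, not vendor guidance.
    """
    import re
    from typing import Dict, List, Tuple

    Version = Tuple[int, ...]

    # The report uses runs of backticks as section rules; build them here.
    RULE = "`" * 30
    REPORT = "\n".join([
        "Results of screen317's Security Check version 0.99.7",
        "Windows 7 (UAC is disabled!)",
        "Internet Explorer 8",
        RULE,
        "Antivirus/Firewall Check:",
        "",
        "Windows Firewall Enabled!",
        "Symantec Endpoint Protection",
        "BlackArmor Discovery",
        "WMI entry may not exist for antivirus; attempting automatic update.",
        RULE,
        "Anti-malware/Other Utilities Check:",
        "",
        "Malwarebytes' Anti-Malware",
        "Java(TM) 6 Update 24",
        "Out of date Java installed!",
        "Adobe Flash Player 10.1.102.64",
        "Adobe Reader X (10.0.1)",
        "Mozilla Firefox (x86 en-US..) Firefox Out of Date!",
        RULE,
        "Process Check:",
        "objlist.exe by Laurent",
        "",
        "Norton ccSvcHst.exe",
        "`" * 10 + "End of Log" + "`" * 12,
    ])

    # Constructed baseline (assumption): product -> minimum acceptable version.
    BASELINE: Dict[str, Version] = {
        "Java": (6, 25),
        "Adobe Flash Player": (10, 2, 0, 0),
        "Adobe Reader": (10, 0, 1),
    }

    # Line formats as they appear in this report; capture groups hold the version.
    VERSION_PATTERNS = [
        (re.compile(r"^Java\(TM\) (\d+) Update (\d+)"), "Java"),
        (re.compile(r"^Adobe Flash Player ([\d.]+)"), "Adobe Flash Player"),
        (re.compile(r"^Adobe Reader \S+ \(([\d.]+)\)"), "Adobe Reader"),
    ]

    # Phrases SecurityCheck itself uses to flag a problem.
    WARNING_MARKERS = ("UAC is disabled", "Out of date", "Out of Date", "may not exist")


    def pad(version: Version, length: int) -> Version:
        """Right-pad with zeros so (10, 1) compares sanely against (10, 1, 0, 0)."""
        return tuple(version) + (0,) * (length - len(version))


    def fmt(version: Version) -> str:
        return ".".join(str(part) for part in version)


    def extract_products(report: str) -> Dict[str, Version]:
        """Return {product: version tuple} for every line a pattern recognises."""
        found: Dict[str, Version] = {}
        for line in report.splitlines():
            line = line.strip()
            for pattern, name in VERSION_PATTERNS:
                match = pattern.match(line)
                if match:
                    digits = re.findall(r"\d+", " ".join(match.groups()))
                    found[name] = tuple(int(d) for d in digits)
        return found


    def findings(report: str, baseline: Dict[str, Version] = BASELINE) -> List[str]:
        """Tool warnings plus products older than the baseline, as readable lines."""
        out: List[str] = []
        for line in report.splitlines():
            text = line.strip()
            if any(marker in text for marker in WARNING_MARKERS):
                out.append(f"tool warning: {text}")
        products = extract_products(report)
        for name, minimum in baseline.items():
            if name in products and pad(products[name], len(minimum)) < minimum:
                out.append(f"outdated: {name} {fmt(products[name])} < required {fmt(minimum)}")
        return out


    if __name__ == "__main__":
        for item in findings(REPORT):
            print(item)
    ```

    Run as-is it lists the four warnings SecurityCheck already printed plus two baseline misses (Java 6.24 and Flash 10.1.102.64); Adobe Reader 10.0.1 meets the constructed baseline and is not reported. Swapping in a current vendor table is the only change needed to reuse the check on a fresh report.
    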
  13. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    The Symantec alert was triggered by a legitimate, safe program which we just used - TFC.
    Disregard Norton's warning.

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
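    Broni's verdict on the tamper-protection alerts rests on one field: the actor process. Tamper protection fires whenever something tries to terminate the product's own processes (ccApp.exe, SmcGui.exe), and the alert is benign only when the actor is the cleanup tool the helper deliberately ran. The script below is an added example, not Symantec's or TFC's code: it parses alerts in the format posted in post 12, groups them by actor process, and marks each actor as expected or worth investigating. The first two alerts are the ones from the thread; the third is a constructed sample with a placeholder actor path so the other branch is exercised. The allowlist of expected actors is an assumption (the tool the user was asked to run, launched from the Desktop where it was saved).

    ```python
    """Triage Symantec tamper-protection alerts by actor process.

    Added example, not Symantec's or TFC's code. The first two alerts are the
    ones posted in the thread; the third is constructed (placeholder actor) to
    show the 'investigate' branch. EXPECTED_ACTORS is an assumption.
    """
    import re
    from collections import defaultdict
    from typing import Dict, List

    ALERTS = r"""SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    Event Info: Terminate Process
    Action Taken: Logged
    Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
    Time: Saturday, April 02, 2011 2:09:40 PM

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    Event Info: Terminate Process
    Action Taken: Logged
    Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
    Time: Saturday, April 02, 2011 2:09:40 PM

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    Event Info: Terminate Process
    Action Taken: Logged
    Actor Process: C:\Users\ul7o\AppData\Local\Temp\unknown-sample.exe (PID 1234)
    Time: Saturday, April 02, 2011 2:30:00 PM
    """

    HEADER = "SYMANTEC TAMPER PROTECTION ALERT"
    FIELD_RE = re.compile(r"^(Target|Event Info|Action Taken|Actor Process|Time): (.+)$")
    PID_RE = re.compile(r"^(?P<path>.+?) \(PID (?P<pid>\d+)\)$")

    # Assumption: the cleanup tool the helper asked the user to run, and the
    # directory it was saved to. Anything else terminating the AV is a question.
    EXPECTED_ACTORS = {"tfc.exe"}
    EXPECTED_DIRS = ("\\desktop\\",)


    def parse_alerts(text: str) -> List[Dict[str, str]]:
        """Split the alert text on its header line and read the key: value fields."""
        alerts: List[Dict[str, str]] = []
        current: Dict[str, str] = {}
        for raw in text.splitlines():
            line = raw.strip()
            if line == HEADER:
                current = {}
                alerts.append(current)
                continue
            match = FIELD_RE.match(line)
            if not match or not alerts:
                continue
            key, value = match.groups()
            if key == "Actor Process":
                pid_match = PID_RE.match(value)
                current["actor_path"] = pid_match.group("path") if pid_match else value
                current["actor_pid"] = pid_match.group("pid") if pid_match else ""
            else:
                current[key] = value
        return alerts


    def triage(alerts: List[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
        """Group alerts per actor and decide whether that actor was expected."""
        by_actor: Dict[str, List[Dict[str, str]]] = defaultdict(list)
        for alert in alerts:
            by_actor[alert.get("actor_path", "?")].append(alert)

        verdicts: Dict[str, Dict[str, object]] = {}
        for actor, items in by_actor.items():
            name = actor.rsplit("\\", 1)[-1].lower()
            in_expected_dir = any(d in actor.lower() for d in EXPECTED_DIRS)
            expected = name in EXPECTED_ACTORS and in_expected_dir
            verdicts[actor] = {
                "verdict": "expected" if expected else "investigate",
                "count": len(items),
                "targets": sorted({a.get("Target", "") for a in items}),
                # "Logged" means tamper protection only recorded the attempt.
                "actions": sorted({a.get("Action Taken", "") for a in items}),
            }
        return verdicts


    if __name__ == "__main__":
        for actor, info in triage(parse_alerts(ALERTS)).items():
            print(f"{info['verdict']:<12} x{info['count']}  {actor}")
            for target in info["targets"]:
                print(f"    -> {target}")
    ```

    With the thread's two alerts the only actor is TFC.exe on the Desktop, so it comes out "expected", matching Broni's reading; the constructed third alert, whose actor lives in a Temp folder and is not on the allowlist, is the case that deserves a closer look. Keying the verdict on full path plus name, rather than name alone, is deliberate: a file merely called TFC.exe in an unexpected location should not inherit the tool's trust.
    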
  14. uNo

    uNo TS Rookie Topic Starter

    Thank you for your help. My computer seems to be working properly. Here is the resulting OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: ul7o
    ->Temp folder emptied: 16761 bytes
    ->Temporary Internet Files folder emptied: 9633788 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: ul7o
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 04022011_234026

    Files\Folders moved on Reboot...
    C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FR5I6XN2\sh36[1].html moved successfully.
    C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7URVZVF\crosspixel-dest[1].htm moved successfully.
    C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7URVZVF\topic163254[1].html moved successfully.
    C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Way to go!!
    Good luck and stay safe :)
     