TechSpot

Malware Trojan Virus Can't Install Programs and access Internet to complete Install

Solved
By certifiablejeep
Oct 27, 2010
Topic Status:
Not open for further replies.
  1. Hi there.
    I am having an issue when trying to remove a piece of malware.
    I have read and read and read the forums and basically what I have done is the following:

    1) Installed HiJackthis and ran it... cleaned up some stuff
    2) Cleaned up the hosts file... it wasn't bad, but now it has nothing in there.
    3) Installed Ad-Aware and ran it, rebooted, cleaned up a few things.
    4) Installed Norton Antivirus, ran it, says that the system is clean
    5) Installed SpyBot, had to rename the file, manually update as it can't connect to the Internet to find Updates, ran it, and then fixed the issues; again, nothing much came back.

    So, here is the issue... it seems that whenever I try to install a Malware program that needs to connect to the Internet to receive updates, the Malware program is being blocked.

    I can't figure out what is causing this as normal browsing is fine, but it will redirect you if you try to go to any known list of sites.

    I have tried starting in safe mode and running the programs, renaming them, putting them in different directories, etc. but nothing seems to find what I think to be the Google/Yahoo/Bing/etc. redirect trojan.

    If anyone out there has seen similar behavior and could let me know of a program that I can download and put on my machine to run and attempt to clean this up that doesn't connect to the internet or wouldn't be blocked by the malware, that would be great.

    Thank you so much for your time.

    Craig
  2. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Complete as many steps as you can.
  3. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Thank you for your response... as I said, I have done some of this, but I will follow the instructions provided and supply the information tonight.

    Thanks again.
    Craig
  4. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    OK..................
  5. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Hey there... sorry for the delay, I had to work late yet again.
    The issue seems to be still happening, but from what I saw in the logs, not a ton of stuff popped out at me, I hope that you see something I didn't.

    BTW, Malware finally ran after renaming it and running it with a different name, but as you can see in the picture attached, the update was not allowed to run... like all programs, even the NAV is blocked from getting out to the Internet.

    So, here goes.

    ---------------------------------------------------------------------------------------

    Malware Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/28/2010 6:39:56 AM
    mbam-log-2010-10-28 (06-39-56).txt

    Scan type: Quick scan
    Objects scanned: 123164
    Time elapsed: 3 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    -------------------------------------------------------------------------------

    gmer log

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-28 21:55:43
    Windows 5.1.2600 Service Pack 3
    Running: drs648yb.exe; Driver: C:\DOCUME~1\Craig\LOCALS~1\Temp\uxtdqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89786FD0 ZwAlertResumeThread
    SSDT 89BC0180 ZwAlertThread
    SSDT 89D664F0 ZwAllocateVirtualMemory
    SSDT 89782830 ZwAssignProcessToJobObject
    SSDT 89BAC890 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9E6E2720]
    SSDT 896CF1A8 ZwCreateMutant
    SSDT 8974D258 ZwCreateSymbolicLinkObject
    SSDT 89C1C568 ZwCreateThread
    SSDT 89785430 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9E6E29A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9E6E2F00]
    SSDT 89BFCC38 ZwDuplicateObject
    SSDT 89E34008 ZwFreeVirtualMemory
    SSDT 89C15CB8 ZwImpersonateAnonymousToken
    SSDT 89786610 ZwImpersonateThread
    SSDT 89BBD9F8 ZwLoadDriver
    SSDT 89D7B9F8 ZwMapViewOfSection
    SSDT 89C3B808 ZwOpenEvent
    SSDT 89C0F238 ZwOpenProcess
    SSDT 89D304C8 ZwOpenProcessToken
    SSDT 89C93768 ZwOpenSection
    SSDT 89D6A7E8 ZwOpenThread
    SSDT 88FF76A0 ZwProtectVirtualMemory
    SSDT 89785910 ZwResumeThread
    SSDT 89BF90D0 ZwSetContextThread
    SSDT 89C8D050 ZwSetInformationProcess
    SSDT 89C4DA48 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9E6E3150]
    SSDT 89C1A650 ZwSuspendProcess
    SSDT 896E2278 ZwSuspendThread
    SSDT 89D81908 ZwTerminateProcess
    SSDT 89BC7218 ZwTerminateThread
    SSDT 89D83E98 ZwUnmapViewOfSection
    SSDT 89D5F008 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 80504660 4 Bytes CALL CCDA1D0C
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[2960] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 8A8ECAEA
    Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 8A8ECAEA

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device 9C06BD20

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&11fcf6bd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----


    ---------------------------------------------------------------------------------

    dds.txt


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Craig at 21:57:50.01 on Thu 10/28/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2902 [GMT -4:00]

    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Craig\Desktop\dds.scr
    C:\WINDOWS\system32\svchost.exe -k netsvcs

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = about:blank
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
    Notify: igfxcui - igfxdev.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\eghensri.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-24 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-25 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-25 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-25 134704]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1357464]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-25 126904]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-13 112512]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-13 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-13 244368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-25 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101026.001\IDSXpx86.sys [2010-10-19 341880]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-13 109568]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101027.033\NAVENG.SYS [2010-10-27 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101027.033\NAVEX15.SYS [2010-10-27 1371184]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-13 232744]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S4 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
    S4 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]

    =============== Created Last 30 ================

    2010-10-28 00:32:57 -------- d-----w- c:\docume~1\craig\applic~1\Malwarebytes
    2010-10-28 00:32:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 00:32:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 00:32:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-28 00:32:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 00:23:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-27 02:03:30 11701704 ----a-w- C:\abc.exe
    2010-10-26 21:30:31 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-26 03:11:02 -------- d-----w- c:\docume~1\craig\applic~1\SUPERAntiSpyware.com
    2010-10-26 03:11:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-26 02:58:33 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-10-26 02:53:19 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-10-26 02:52:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-10-26 01:46:06 -------- d-----w- C:\death
    2010-10-24 19:19:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-24 18:20:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-10-24 18:19:52 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-24 18:19:37 -------- d-----w- c:\program files\Lavasoft

    ==================== Find3M ====================

    2010-10-26 02:31:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    ============= FINISH: 21:59:10.53 ===============


    --------------------------------------------------------------------------


    attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/24/2009 11:33:15 AM
    System Uptime: 10/28/2010 8:29:47 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0H635N
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2526/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 111.147 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\33539621354FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\33539621354FC000
    Service: NIC1394

    ==== System Restore Points ===================

    RP221: 7/14/2010 6:34:10 AM - System Checkpoint
    RP222: 7/18/2010 6:48:28 AM - System Checkpoint
    RP223: 7/21/2010 8:59:39 AM - System Checkpoint
    RP224: 7/22/2010 9:42:25 AM - System Checkpoint
    RP225: 7/23/2010 1:14:23 PM - System Checkpoint
    RP226: 7/27/2010 7:10:52 AM - System Checkpoint
    RP227: 8/3/2010 6:16:14 AM - System Checkpoint
    RP228: 8/5/2010 6:33:01 AM - System Checkpoint
    RP229: 8/9/2010 6:43:10 AM - System Checkpoint
    RP230: 8/12/2010 6:57:47 AM - System Checkpoint
    RP231: 8/16/2010 7:16:28 AM - System Checkpoint
    RP232: 8/23/2010 7:18:50 AM - System Checkpoint
    RP233: 9/1/2010 6:46:16 AM - System Checkpoint
    RP234: 9/6/2010 8:11:49 AM - System Checkpoint
    RP235: 9/8/2010 6:27:03 AM - System Checkpoint
    RP236: 9/9/2010 6:45:22 AM - System Checkpoint
    RP237: 9/14/2010 6:37:09 AM - System Checkpoint
    RP238: 9/23/2010 6:52:15 AM - System Checkpoint
    RP239: 9/26/2010 10:11:48 AM - System Checkpoint
    RP240: 10/3/2010 9:01:29 AM - System Checkpoint
    RP241: 10/5/2010 7:04:13 AM - System Checkpoint
    RP242: 10/11/2010 9:11:58 AM - System Checkpoint
    RP243: 10/24/2010 3:13:48 PM - System Checkpoint

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 6.0
    All Day Battery Life Configuration
    AviSynth 2.5
    BioAPI Framework
    biolsp patch
    Broadcom USH Host Components
    Choice Guard
    DCP32MMWrapper
    Dell Control Point
    Dell ControlPoint Connection Manager
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Document Manager Lite
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Gemalto
    HijackThis 1.99.0
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB945436)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Intel(R) Network Connections 13.0.42.0
    Intel(R) PRO Alerting Agent
    Intel® Matrix Storage Manager
    Java(TM) 6 Update 11
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MFCLOC
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Basic 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.19)
    MSVCRT
    Norton AntiVirus
    NTRU TCG Software Stack
    Octoshape add-in for Adobe Flash Player
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    Secure Update
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Wizards
    Segoe UI
    SO32MMWrapper
    Spybot - Search & Destroy
    SRS Premium Sound
    Trusted Drive Manager
    tsp patch
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VuePrint
    Wave Infrastructure Installer
    Wave Support Software
    Web-Based Email Tools
    WebFldrs XP
    Windows Communication Foundation
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Presentation Foundation
    Windows Search 4.0
    Windows Workflow Foundation
    XML Paper Specification Shared Components Pack 1.0
    XviD MPEG4 Video Codec (remove only)

    ==== Event Viewer Messages From Past Week ========

    10/28/2010 6:31:19 AM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/27/2010 8:55:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    10/27/2010 10:09:29 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    10/27/2010 10:09:29 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    10/26/2010 9:53:30 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    10/26/2010 9:49:24 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    10/26/2010 7:39:05 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
    10/26/2010 6:32:49 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/26/2010 6:00:13 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/26/2010 5:59:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    10/26/2010 5:30:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/26/2010 5:25:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SRTSPX SymIRON SYMTDI
    10/26/2010 10:09:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
    10/26/2010 10:00:34 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
    10/25/2010 9:14:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/25/2010 9:14:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/25/2010 9:13:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    10/25/2010 9:13:40 PM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    10/24/2010 3:57:41 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 3:57:41 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    10/24/2010 2:22:02 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
    10/24/2010 1:55:23 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    10/24/2010 1:55:17 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:55:14 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/24/2010 1:54:57 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:54 PM, error: Service Control Manager [7034] - The Credential Vault Host Storage service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:51 PM, error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:48 PM, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:25 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/24/2010 1:54:18 PM, error: Service Control Manager [7034] - The Credential Vault Host Control Service service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:14 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:07 PM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:54:04 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:33:45 PM, error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    10/24/2010 1:33:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/24/2010 1:33:11 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/21/2010 6:42:45 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    ==== End Of File ===========================


  6. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ========================================================================

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
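    Added example, not part of Broni's post and not code from TDSSKiller itself: a small parser for the log TDSSKiller writes, run over sample lines. The line worth understanding in that log is "Suspicious file (Forged)": TDL3 patches a legitimately named driver (pcmcia.sys in this thread) and hides the change by filtering disk I/O, so the file looks pristine when read the normal way. TDSSKiller hashes the file through two different read paths and reports both MD5s; the disagreement is the detection, whichever hash is labelled "real". The parser pulls out forged files, detection lines, the action the user chose, and files that are only cured after a reboot, then flags the two mistakes a helper looks for: a detection answered with Skip, and a cure that still needs the reboot. The first sample reuses lines from the TDSSKiller log pasted later in this thread; the second sample is constructed for the example.

```python
import re
from typing import Dict, List

# Line shape written by TDSSKiller 2.4.x: "YYYY/MM/DD HH:MM:SS.mmmm <message>".
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (.*)$")
# Same file, two hashes (normal file-system read vs. a read underneath it).
FORGED = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
PENDING = re.compile(r"^(.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

# Sample input: the relevant lines of the TDSSKiller log posted later in this
# thread, trimmed to the ones that matter, plus one ordinary clean driver line.
SAMPLE_LOG = r"""
2010/10/29 19:24:45.0812 Scan started
2010/10/29 19:24:53.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/29 19:24:53.0828 Pcmcia (e159080e844e658d2d5a375be7cc1f76) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/29 19:24:53.0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/10/29 19:24:53.0828 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/29 19:24:57.0343 Scan finished
2010/10/29 19:24:57.0343 Detected object count: 1
2010/10/29 19:25:21.0562 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/10/29 19:25:28.0890 Backup copy found, using it..
2010/10/29 19:25:28.0968 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured after reboot
2010/10/29 19:25:28.0968 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure
"""

# Constructed variant (not from the thread): same detection, but the user
# accepted "Skip" on it instead of "Cure", so nothing was cleaned.
SAMPLE_SKIPPED = r"""
2010/10/29 19:30:00.0000 Scan started
2010/10/29 19:30:01.0000 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/29 19:30:02.0000 Detected object count: 1
2010/10/29 19:30:10.0000 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Skip
"""


def parse_tdsskiller_log(text: str) -> Dict:
    """Extract the security-relevant lines from a TDSSKiller log."""
    report: Dict = {"forged": [], "detections": [], "actions": {},
                    "pending_reboot": [], "declared_count": None}
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (f := FORGED.match(msg)):
            entry = {"kind": f.group(1), "path": f.group(2),
                     "real_md5": f.group(3), "fake_md5": f.group(4)}
            # The same file is reported again during the cure phase; keep one entry.
            if entry["path"] not in {e["path"] for e in report["forged"]}:
                report["forged"].append(entry)
        elif (d := DETECTED.match(msg)):
            report["detections"].append({"service": d.group(1), "name": d.group(2)})
        elif (a := ACTION.match(msg)):
            report["actions"][a.group(2)] = {"name": a.group(1), "action": a.group(3)}
        elif (p := PENDING.match(msg)):
            report["pending_reboot"].append(p.group(1))
        elif (c := COUNT.match(msg)):
            report["declared_count"] = int(c.group(1))
    return report


def triage(report: Dict) -> List[str]:
    """The follow-up checks a helper makes before calling the log clean."""
    notes: List[str] = []
    declared, seen = report["declared_count"], len(report["detections"])
    if declared is not None and declared != seen:
        notes.append(f"declared count {declared} but {seen} detection line(s); log may be truncated")
    for det in report["detections"]:
        act = report["actions"].get(det["service"])
        if act is None:
            notes.append(f"{det['service']}: {det['name']} detected but no action recorded")
        elif act["action"] != "Cure":
            notes.append(f"{det['service']}: action was {act['action']}, {det['name']} is still on disk")
    if report["pending_reboot"]:
        notes.append("cured only after reboot, rescan afterwards: " + ", ".join(report["pending_reboot"]))
    if not report["detections"] and not report["forged"] and not notes:
        notes.append("no detections in this log")
    return notes


if __name__ == "__main__":
    for label, sample in (("thread log", SAMPLE_LOG), ("skipped", SAMPLE_SKIPPED)):
        print(label)
        for note in triage(parse_tdsskiller_log(sample)):
            print("  -", note)
```

Run it on a saved TDSSKiller_xxxx_log.txt by reading the file into `parse_tdsskiller_log`; a log whose only note is the reboot reminder is the outcome Broni's steps aim for, while any "still on disk" note means the scan has to be repeated with Cure selected.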
  7. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Thanks for the reply... I am off to work again, so I hope to get to this during the evening.

    Craig
  8. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Great news... I was able to download updates for Spybot... and Malwarebytes as well!

    The TDSSKiller log shows the one file cleaned up. I posted the other MBR one as well.

    So basically, I was able to download updates, and so far I am redirected to the correct sites when they are searched; Norton Antivirus ran its updates as well.

    So, I think the initial issue is resolved; now I was just wondering what else would need to be done to ensure that this doesn't happen again.

    Thanks,
    Craig

    2010/10/29 19:24:29.0859 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/29 19:24:29.0859 ================================================================================
    2010/10/29 19:24:29.0859 SystemInfo:
    2010/10/29 19:24:29.0859
    2010/10/29 19:24:29.0859 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/29 19:24:29.0859 Product type: Workstation
    2010/10/29 19:24:29.0859 ComputerName: CB_LAP
    2010/10/29 19:24:29.0859 UserName: Craig
    2010/10/29 19:24:29.0859 Windows directory: C:\WINDOWS
    2010/10/29 19:24:29.0859 System windows directory: C:\WINDOWS
    2010/10/29 19:24:29.0859 Processor architecture: Intel x86
    2010/10/29 19:24:29.0859 Number of processors: 2
    2010/10/29 19:24:29.0859 Page size: 0x1000
    2010/10/29 19:24:29.0859 Boot type: Normal boot
    2010/10/29 19:24:29.0859 ================================================================================
    2010/10/29 19:24:30.0343 Initialize success
    2010/10/29 19:24:45.0812 ================================================================================
    2010/10/29 19:24:45.0812 Scan started
    2010/10/29 19:24:45.0812 Mode: Manual;
    2010/10/29 19:24:45.0812 ================================================================================
    2010/10/29 19:24:46.0203 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/10/29 19:24:46.0265 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/29 19:24:46.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/10/29 19:24:46.0359 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/10/29 19:24:46.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/29 19:24:46.0500 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
    2010/10/29 19:24:46.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/29 19:24:46.0593 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/10/29 19:24:46.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/10/29 19:24:46.0687 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/10/29 19:24:46.0734 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/10/29 19:24:46.0765 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/10/29 19:24:46.0812 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/10/29 19:24:46.0843 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/10/29 19:24:46.0890 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/10/29 19:24:46.0921 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/10/29 19:24:46.0968 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2010/10/29 19:24:47.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/10/29 19:24:47.0062 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/10/29 19:24:47.0109 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/10/29 19:24:47.0125 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/10/29 19:24:47.0187 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/29 19:24:47.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/29 19:24:47.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/29 19:24:47.0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/29 19:24:47.0750 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2010/10/29 19:24:47.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/29 19:24:48.0140 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    2010/10/29 19:24:48.0203 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/10/29 19:24:48.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/29 19:24:48.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/10/29 19:24:48.0343 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/10/29 19:24:48.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/29 19:24:48.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/29 19:24:48.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/29 19:24:48.0593 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/10/29 19:24:48.0640 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/10/29 19:24:48.0671 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/10/29 19:24:48.0734 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/10/29 19:24:48.0812 cvusbdrv (a95d9b8d882adf93ef40d7dc9b9bb508) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
    2010/10/29 19:24:48.0859 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/10/29 19:24:48.0937 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/10/29 19:24:49.0000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/29 19:24:49.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/29 19:24:49.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/29 19:24:49.0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/29 19:24:49.0218 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/29 19:24:49.0250 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/10/29 19:24:49.0312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/29 19:24:49.0406 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
    2010/10/29 19:24:49.0515 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/10/29 19:24:49.0578 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/10/29 19:24:49.0640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/29 19:24:49.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/10/29 19:24:49.0765 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/29 19:24:49.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/10/29 19:24:49.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/10/29 19:24:49.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/29 19:24:49.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/29 19:24:49.0953 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/29 19:24:49.0984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/29 19:24:50.0015 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/29 19:24:50.0062 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/10/29 19:24:50.0125 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/29 19:24:50.0140 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/10/29 19:24:50.0171 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/10/29 19:24:50.0203 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/29 19:24:50.0390 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/10/29 19:24:50.0609 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
    2010/10/29 19:24:50.0859 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101026.001\IDSxpx86.sys
    2010/10/29 19:24:50.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/29 19:24:50.0984 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/10/29 19:24:51.0046 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
    2010/10/29 19:24:51.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/29 19:24:51.0093 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/29 19:24:51.0125 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/10/29 19:24:51.0156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/29 19:24:51.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/29 19:24:51.0250 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/29 19:24:51.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/29 19:24:51.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/29 19:24:51.0359 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/29 19:24:51.0390 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/29 19:24:51.0406 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/29 19:24:51.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/29 19:24:51.0484 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/29 19:24:51.0609 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2010/10/29 19:24:51.0656 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2010/10/29 19:24:51.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/29 19:24:51.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/29 19:24:51.0781 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/29 19:24:51.0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/29 19:24:51.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/29 19:24:51.0875 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/10/29 19:24:51.0890 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/29 19:24:51.0953 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/29 19:24:51.0968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/29 19:24:52.0015 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/29 19:24:52.0046 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/29 19:24:52.0078 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/29 19:24:52.0109 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/29 19:24:52.0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/10/29 19:24:52.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/29 19:24:52.0218 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/10/29 19:24:52.0265 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys
    2010/10/29 19:24:52.0578 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101027.033\NAVENG.SYS
    2010/10/29 19:24:52.0656 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101027.033\NAVEX15.SYS
    2010/10/29 19:24:52.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/29 19:24:52.0843 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/10/29 19:24:52.0890 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/29 19:24:52.0921 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/29 19:24:52.0953 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/29 19:24:52.0984 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/29 19:24:53.0015 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/29 19:24:53.0046 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/29 19:24:53.0109 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/10/29 19:24:53.0140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/29 19:24:53.0218 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/29 19:24:53.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/29 19:24:53.0343 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/29 19:24:53.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/29 19:24:53.0390 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/10/29 19:24:53.0421 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/10/29 19:24:53.0437 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/29 19:24:53.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/29 19:24:53.0671 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    2010/10/29 19:24:53.0734 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
    2010/10/29 19:24:53.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/29 19:24:53.0812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/29 19:24:53.0828 Pcmcia (e159080e844e658d2d5a375be7cc1f76) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/10/29 19:24:53.0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
    2010/10/29 19:24:53.0828 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/10/29 19:24:53.0875 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/10/29 19:24:53.0890 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/10/29 19:24:53.0937 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/29 19:24:53.0953 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/29 19:24:53.0968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/29 19:24:54.0015 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
    2010/10/29 19:24:54.0046 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/10/29 19:24:54.0062 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/10/29 19:24:54.0343 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/10/29 19:24:54.0390 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/10/29 19:24:54.0421 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/10/29 19:24:54.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/29 19:24:54.0484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/29 19:24:54.0500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/29 19:24:54.0515 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/29 19:24:54.0531 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/29 19:24:54.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/29 19:24:54.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/10/29 19:24:54.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/29 19:24:54.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/29 19:24:54.0843 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    2010/10/29 19:24:54.0890 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/10/29 19:24:54.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/29 19:24:54.0968 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/29 19:24:55.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/29 19:24:55.0031 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/29 19:24:55.0062 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/10/29 19:24:55.0109 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/10/29 19:24:55.0156 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/10/29 19:24:55.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/29 19:24:55.0218 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/29 19:24:55.0250 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
    2010/10/29 19:24:55.0343 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS
    2010/10/29 19:24:55.0375 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    2010/10/29 19:24:55.0390 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/29 19:24:55.0468 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
    2010/10/29 19:24:55.0531 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/10/29 19:24:55.0578 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/29 19:24:55.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/29 19:24:55.0640 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/10/29 19:24:55.0703 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/10/29 19:24:55.0812 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS
    2010/10/29 19:24:55.0859 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS
    2010/10/29 19:24:55.0937 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    2010/10/29 19:24:55.0968 SymIM (16460f6fa750b1e7cc827c4c5a2d6a7b) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    2010/10/29 19:24:55.0984 SymIMMP (16460f6fa750b1e7cc827c4c5a2d6a7b) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    2010/10/29 19:24:56.0015 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS
    2010/10/29 19:24:56.0046 SYMTDI (34ff2368b7914d1b29d16aba865e982d) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS
    2010/10/29 19:24:56.0093 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/10/29 19:24:56.0125 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/10/29 19:24:56.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/29 19:24:56.0234 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/29 19:24:56.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/29 19:24:56.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/29 19:24:56.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/29 19:24:56.0421 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/10/29 19:24:56.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/29 19:24:56.0515 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/10/29 19:24:56.0562 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/29 19:24:56.0609 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/10/29 19:24:56.0671 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/29 19:24:56.0703 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
    2010/10/29 19:24:56.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/29 19:24:56.0750 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/29 19:24:56.0781 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/29 19:24:56.0828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/29 19:24:56.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/29 19:24:56.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/29 19:24:56.0937 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/10/29 19:24:56.0953 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/10/29 19:24:56.0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/29 19:24:57.0031 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/29 19:24:57.0046 WavxDMgr (fc2606083f35db9c497d6ba9f554d22c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    2010/10/29 19:24:57.0109 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/10/29 19:24:57.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/29 19:24:57.0203 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/10/29 19:24:57.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/10/29 19:24:57.0343 ================================================================================
    2010/10/29 19:24:57.0343 Scan finished
    2010/10/29 19:24:57.0343 ================================================================================
    2010/10/29 19:24:57.0343 Detected object count: 1
    2010/10/29 19:25:21.0546 Pcmcia (e159080e844e658d2d5a375be7cc1f76) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/10/29 19:25:21.0562 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
    2010/10/29 19:25:28.0890 Backup copy found, using it..
    2010/10/29 19:25:28.0968 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured after reboot
    2010/10/29 19:25:28.0968 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure
    2010/10/29 19:25:43.0562 Deinitialize success


    ---------------------------
    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 141):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F95000 klmdb.sys
    0xB9F67000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F56000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xB9F38000 tsk9.tmp
    0xBA0B8000 MountMgr.sys
    0xB9F19000 ftdisk.sys
    0xB9EF3000 dmio.sys
    0xBA328000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xB9E18000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DF8000 fltMgr.sys
    0xB9DA1000 SYMDS.SYS
    0xB9D8F000 sr.sys
    0xBA0F8000 Lbd.sys
    0xB9CE6000 SYMEFA.SYS
    0xB9CCF000 KSecDD.sys
    0xB9C42000 Ntfs.sys
    0xB9C15000 NDIS.sys
    0xBA108000 PBADRV.sys
    0xBA118000 ohci1394.sys
    0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9BFB000 Mup.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7688000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB708B000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB7077000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB7039000 \SystemRoot\system32\DRIVERS\e1y5132.sys
    0xBA3E8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB7015000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3F0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB6FED000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB6EB2000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xB6E9E000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xB6E8D000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB6E60000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB6DE5000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA594000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA598000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB6DAD000 \SystemRoot\system32\drivers\srs_PremiumSound_i386.sys
    0xBA78A000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB6D96000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB6D85000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB6D55000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\SymIM.sys
    0xBA626000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB6CF7000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9BC7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB95A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9512000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA65A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA4DA5000 \SystemRoot\system32\drivers\sthda.sys
    0xA4D81000 \SystemRoot\system32\drivers\portcls.sys
    0xBA278000 \SystemRoot\system32\drivers\drmk.sys
    0xA4D65000 \SystemRoot\system32\drivers\AESTAud.sys
    0xA4D45000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0xA44E0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA656000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA2202000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA65E000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA2C54000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA2C4C000 \SystemRoot\System32\drivers\vga.sys
    0xBA660000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA2C44000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA2C3C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9BBF000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA1B92000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA1B39000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA1AE0000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDI.SYS
    0xA1ABA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA1A94000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xA4CB5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA1A3C000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101026.001\IDSxpx86.sys
    0xA1A14000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA19F2000 \SystemRoot\System32\drivers\afd.sys
    0xA4CA5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA2D5B000 \SystemRoot\system32\DRIVERS\serial.sys
    0xA2324000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA19CF000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
    0x9B6D8000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    0x99E01000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x99D91000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B6C8000 \SystemRoot\System32\Drivers\Fips.SYS
    0x9B6B8000 \SystemRoot\System32\Drivers\cvusbdrv.sys
    0x9B6A8000 \SystemRoot\system32\DRIVERS\usbccid.sys
    0x9C0BB000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0x99D33000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x99D16000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x99C6A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    0x9B678000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x99B8F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x9BAEF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9BA00000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA21AB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF058000 \SystemRoot\System32\igxpdv32.DLL
    0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0x99B1D000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
    0xA4B0F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x99AA0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x999FE000 \SystemRoot\system32\DRIVERS\srv.sys
    0x9960D000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSP.SYS
    0x994BF000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101027.033\NAVEX15.SYS
    0x994AB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101027.033\NAVENG.SYS
    0x993A6000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9552000 \SystemRoot\system32\drivers\sysaudio.sys
    0x998CA000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    0x98CCB000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 41):
    0 System Idle Process
    4 System
    1216 C:\WINDOWS\system32\smss.exe
    1296 csrss.exe
    1320 C:\WINDOWS\system32\winlogon.exe
    1364 C:\WINDOWS\system32\services.exe
    1376 C:\WINDOWS\system32\lsass.exe
    1528 C:\WINDOWS\system32\svchost.exe
    1612 svchost.exe
    1652 C:\WINDOWS\system32\svchost.exe
    1804 svchost.exe
    1832 svchost.exe
    280 C:\WINDOWS\system32\WLTRYSVC.EXE
    324 C:\WINDOWS\system32\BCMWLTRY.EXE
    352 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    428 C:\WINDOWS\system32\spoolsv.exe
    484 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    496 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    516 scardsvr.exe
    912 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    992 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1068 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    1596 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1724 C:\WINDOWS\system32\searchindexer.exe
    2040 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    624 wmiprvse.exe
    804 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    2144 unsecapp.exe
    2324 alg.exe
    2908 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    3436 C:\WINDOWS\system32\wuauclt.exe
    3456 C:\WINDOWS\explorer.exe
    3464 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    3640 C:\Program Files\IDT\WDM\sttray.exe
    3648 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3660 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    3668 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3976 C:\WINDOWS\system32\searchprotocolhost.exe
    3992 searchfilterhost.exe
    3808 C:\Documents and Settings\Craig\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
  9. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    MBR looks fine...

    1. Run updated MBAM and post a fresh log.

    2. Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Hi there.
    MBAM ran fine and the log is attached. When I ran ComboFix it gave me a blue screen and said that some value wasn't equal to something... I didn't write it down, but didn't want to run this again until I heard from you.

    Thanks
    Craig

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4994

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/30/2010 8:46:30 AM
    mbam-log-2010-10-30 (08-46-30).txt

    Scan type: Quick scan
    Objects scanned: 146282
    Time elapsed: 5 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  11. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Run it.
     
  12. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    OK, that one worked.

    ComboFix 10-10-30.01 - Craig 10/30/2010 16:18:21.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2958 [GMT -4:00]
    Running from: c:\documents and settings\Craig\Desktop\broni.exe
    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\documents and settings\Craig\Application Data\Malwarebytes
    2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-28 00:32 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 00:32 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 00:23 . 2010-10-28 00:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-27 02:03 . 2010-10-27 02:03 11701704 ----a-w- C:\abc.exe
    2010-10-26 03:11 . 2010-10-26 03:11 -------- d-----w- c:\documents and settings\Craig\Application Data\SUPERAntiSpyware.com
    2010-10-26 03:11 . 2010-10-26 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-26 02:58 . 2010-07-22 01:27 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-10-26 02:53 . 2010-10-26 03:21 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-10-26 02:52 . 2010-10-26 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-10-26 02:31 . 2010-10-26 02:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-10-26 02:31 . 2010-10-26 02:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-10-26 02:31 . 2010-10-26 02:31 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Symantec
    2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\windows\system32\drivers\NAV
    2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Norton AntiVirus
    2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Windows Sidebar
    2010-10-26 02:09 . 2010-10-26 02:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-10-26 01:46 . 2010-10-30 00:45 -------- d-----w- C:\death
    2010-10-26 01:42 . 2010-10-26 01:42 -------- d-s---w- c:\documents and settings\Administrator\UserData
    2010-10-24 19:19 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-24 18:20 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-10-24 18:19 . 2010-10-24 18:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-24 18:19 . 2010-10-24 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-24 18:19 . 2010-10-24 18:19 -------- d-----w- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 23:26 . 2008-04-14 00:06 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/24/2010 2:20 PM 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [10/25/2010 10:31 PM 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [10/25/2010 10:31 PM 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 6:57 PM 692272]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [10/25/2010 10:31 PM 134704]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 3:46 AM 1357464]
    R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [10/25/2010 10:31 PM 126904]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/13/2009 6:21 PM 112512]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/13/2009 6:21 PM 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/13/2009 6:21 PM 244368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/25/2010 10:45 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSXpx86.sys [10/29/2010 9:05 PM 341880]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/13/2009 6:21 PM 109568]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/13/2009 3:45 PM 232744]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 3:46 AM 15008]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S4 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
    S4 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 00:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.certifiablejeep.com/
    mStart Page = about:blank
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
    FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\eghensri.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Craig\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1392)
    c:\windows\system32\wvauth.dll

    - - - - - - - > 'explorer.exe'(2236)
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    Completion time: 2010-10-30 16:24:23
    ComboFix-quarantined-files.txt 2010-10-30 20:24

    Pre-Run: 119,111,471,104 bytes free
    Post-Run: 119,052,169,216 bytes free

    - - End Of File - - CE78309B027CE687AB666142DB8645B7
  13. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    It looks good :)

    What are the current issues?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Currently I am not seeing any issues.
    I am at work now, but when I get home tonight I will run the OTL thing you mentioned.

    Thanks again for this.

    Craig
  15. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    You're very welcome
  16. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    2 days now and things look good... thanks again.

    OTL logfile created on: 11/1/2010 9:02:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Craig\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 110.85 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

    Computer Name: CB_LAP | User Name: Craig | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
    PRC - [2010/10/27 20:23:06 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/10/27 20:23:06 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    PRC - [2009/03/16 21:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/02/06 21:06:56 | 000,443,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    PRC - [2009/01/22 11:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    PRC - [2009/01/22 11:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    PRC - [2009/01/14 11:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    PRC - [2008/12/29 12:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    PRC - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/10/27 20:23:06 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
    SRV - [2009/06/13 15:49:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/16 21:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
    SRV - [2009/03/01 19:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
    SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/02/06 21:06:56 | 000,443,168 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV - [2009/01/22 11:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV - [2009/01/22 11:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV - [2009/01/14 11:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2008/12/29 12:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
    SRV - [2008/12/12 10:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/04/19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NvtSp50.sys -- (NvtSp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Craig\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/25 22:45:04 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101101.035\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/25 22:45:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/25 22:45:04 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101101.035\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/25 22:31:52 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/19 16:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101029.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/09/23 03:46:08 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/08/13 05:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/28 23:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/07/28 22:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
    DRV - [2010/07/28 22:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/21 21:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2010/07/21 21:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2010/07/12 21:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/06/27 00:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
    DRV - [2010/06/13 06:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
    DRV - [2009/06/13 15:42:49 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2009/04/22 18:39:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/03/24 16:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
    DRV - [2009/03/16 21:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/03/16 21:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/01 19:01:04 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/02/26 17:08:52 | 000,109,568 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2009/02/26 17:08:34 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/02/22 18:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
    DRV - [2009/02/22 17:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/01/22 11:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV - [2009/01/16 17:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2008/07/22 17:27:04 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
    DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/02/20 22:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.certifiablejeep.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/25 22:32:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 06:46:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 06:48:44 | 000,000,000 | ---D | M]

    [2009/06/24 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Extensions
    [2009/06/24 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\eghensri.default\extensions
    [2010/10/25 22:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/20 14:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

    Hosts file not found
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/01 20:38:20 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
    [2010/10/30 16:17:23 | 000,000,000 | ---D | C] -- C:\broni
    [2010/10/30 08:53:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/30 08:51:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 08:51:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 08:51:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 08:51:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 08:51:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/30 08:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/28 06:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Desktop\techspot
    [2010/10/28 06:30:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
    [2010/10/27 20:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\Malwarebytes
    [2010/10/27 20:32:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/27 20:32:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/27 20:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/27 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/27 20:23:11 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/10/26 17:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/10/25 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\SUPERAntiSpyware.com
    [2010/10/25 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/25 22:58:33 | 000,043,952 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2010/10/25 22:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/10/25 22:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/25 22:31:52 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/10/25 22:31:52 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/10/25 22:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/10/25 22:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/10/25 22:31:36 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys
    [2010/10/25 22:31:36 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys
    [2010/10/25 22:31:36 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys
    [2010/10/25 22:31:36 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.sys
    [2010/10/25 22:31:36 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys
    [2010/10/25 22:31:36 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys
    [2010/10/25 22:31:36 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Ironx86.sys
    [2010/10/25 22:31:36 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys
    [2010/10/25 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
    [2010/10/25 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1201000.025
    [2010/10/25 22:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/10/25 22:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
    [2010/10/25 21:46:06 | 000,000,000 | ---D | C] -- C:\death
    [2010/10/24 14:20:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/10/24 14:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/10/24 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/10/24 14:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/10/15 07:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\My Documents\New Folder (6)

    ========== Files - Modified Within 30 Days ==========

    [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
    [2010/11/01 20:37:24 | 000,467,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/01 20:37:24 | 000,080,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/01 20:33:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/01 20:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/01 20:32:50 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/01 06:30:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 16:16:55 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
    [2010/10/30 08:53:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/29 18:46:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
    [2010/10/29 18:45:56 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\tdsskiller.zip
    [2010/10/29 18:41:59 | 000,019,433 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\wanted.xlsx
    [2010/10/28 06:38:08 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\dds.scr
    [2010/10/28 06:37:58 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
    [2010/10/28 06:30:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
    [2010/10/27 20:59:48 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/27 20:24:31 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\ProcessExplorer.zip
    [2010/10/27 20:23:11 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/10/25 23:27:37 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\SpyBot.lnk
    [2010/10/25 22:58:31 | 000,513,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/25 22:31:52 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/10/25 22:31:52 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/10/25 22:31:52 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/10/25 22:31:52 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/10/25 22:31:49 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    [2010/10/24 14:19:52 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/24 14:19:52 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/10/24 13:41:08 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\Shortcut to HijackThis.exe.lnk
    [2010/10/10 09:00:41 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\mortgage-payment-calculator.xls

    ========== Files Created - No Company Name ==========

    [2010/10/30 08:53:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/30 08:53:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/30 08:51:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 08:51:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 08:51:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 08:51:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 08:51:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/30 08:42:31 | 003,896,496 | R--- | C] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
    [2010/10/29 18:46:12 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
    [2010/10/29 18:45:54 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\tdsskiller.zip
    [2010/10/28 06:38:08 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\dds.scr
    [2010/10/28 06:37:58 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
    [2010/10/27 20:32:10 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/27 20:24:19 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\ProcessExplorer.zip
    [2010/10/27 06:23:48 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/25 22:31:55 | 000,513,838 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/25 22:31:52 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/10/25 22:31:52 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/10/25 22:31:49 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    [2010/10/25 22:31:19 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf
    [2010/10/25 22:31:19 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.inf
    [2010/10/25 22:31:19 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf
    [2010/10/25 22:31:19 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf
    [2010/10/25 22:31:19 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf
    [2010/10/25 22:31:19 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf
    [2010/10/25 22:31:19 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Iron.inf
    [2010/10/25 22:31:10 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat
    [2010/10/25 22:31:10 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat
    [2010/10/25 22:31:10 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat
    [2010/10/25 22:31:10 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat
    [2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.cat
    [2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat
    [2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat
    [2010/10/25 22:31:10 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini
    [2010/10/24 15:19:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/10/24 14:23:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/10/24 14:19:52 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/24 14:19:52 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/10/24 13:41:08 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\Shortcut to HijackThis.exe.lnk
    [2010/10/08 07:25:05 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\mortgage-payment-calculator.xls
    [2010/08/05 06:45:50 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\AutoGK.ini
    [2009/06/24 11:33:31 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\setup.txt
    [2009/06/13 18:20:38 | 000,001,157 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/06/13 15:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/06/13 15:45:19 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
    [2009/06/13 15:42:57 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/06/13 15:36:29 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
    [2009/06/13 15:36:20 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2009/03/01 19:01:02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/22 13:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2008/12/19 19:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
    [2008/12/19 19:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
    [2008/12/19 19:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
    [2008/12/19 19:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
    [2008/12/19 19:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
    [2008/12/19 19:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
    [2008/12/19 19:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
    [2008/12/19 19:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
    [2008/12/19 19:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
    [2008/12/19 19:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2008/12/19 19:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2008/12/19 19:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
    [2008/12/19 19:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2008/12/19 19:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2008/12/19 19:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
    [2008/12/19 19:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
    [2008/12/19 19:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
    [2008/12/19 19:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2008/12/19 19:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2008/12/19 19:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2008/12/19 19:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2008/12/19 19:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2008/12/19 19:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2008/12/19 19:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
    [2008/12/11 16:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
    [2008/12/11 13:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2008/12/11 13:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2008/12/11 13:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2008/12/11 13:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2008/12/11 13:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2008/12/11 13:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2008/12/11 13:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2008/12/11 13:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2008/12/11 13:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
    [2008/12/11 13:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2008/12/11 13:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2008/12/11 13:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
    [2008/12/11 13:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
    [2008/12/11 13:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
    [2008/12/11 13:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
    [2008/12/11 13:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
    [2008/12/11 13:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
    [2008/12/11 13:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
    [2008/12/11 13:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
    [2008/12/11 13:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
    [2008/12/11 13:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
    [2008/12/11 13:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
    [2008/12/11 13:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
    [2008/12/11 13:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
    [2008/12/11 13:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2008/10/06 19:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2008/04/25 17:42:40 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/04/19 06:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
    [2007/04/19 06:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
    [2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
    [2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

    ========== LOP Check ==========

    [2009/06/13 15:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2010/10/25 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/06/13 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2009/09/03 12:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2010/10/24 14:19:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2009/06/13 15:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Broadcom
    [2009/08/12 21:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Van **** Technologies
    [2009/06/13 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Wave Systems Corp
    [2009/06/13 15:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Windows Desktop Search
    [2009/06/24 11:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Windows Search
    [2010/11/01 20:33:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/08/05 21:41:47 | 000,168,756 | ---- | M] () -- C:\100_0380.jpg
    [2009/08/05 21:42:55 | 000,159,994 | ---- | M] () -- C:\100_0384.jpg
    [2010/11/01 20:32:49 | 000,006,940 | ---- | M] () -- C:\aaw7boot.log
    [2010/10/26 22:03:31 | 011,701,704 | ---- | M] (Microsoft Corporation) -- C:\abc.exe
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/06/24 11:33:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/30 08:53:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/30 16:24:24 | 000,011,063 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/06/13 18:24:01 | 000,004,886 | RH-- | M] () -- C:\dell.sdr
    [2009/09/13 12:59:18 | 000,018,907 | ---- | M] () -- C:\dm_160x450_jun1109_025.jpg
    [2010/11/01 20:32:50 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/09/27 09:43:15 | 000,247,079 | ---- | M] () -- C:\isitbern.jpg
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/01 20:32:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/26 18:06:49 | 000,000,026 | ---- | M] () -- C:\used.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/20 04:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/07/03 06:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/20 04:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/07/03 06:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/25 17:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/15 00:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/15 00:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
  17. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/04/25 17:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/24 11:33:39 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/25 17:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/30 16:16:55 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
    [2010/10/28 06:37:58 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
    [2010/10/29 18:46:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
    [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
    [2010/10/28 06:30:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 08:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/24 11:33:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Craig\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/01 20:35:27 | 000,409,600 | ---- | M] () -- C:\Documents and Settings\Craig\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 08:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 07:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 07:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 07:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 13:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 07:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 07:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 07:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 07:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 07:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >




    OTL Extras logfile created on: 11/1/2010 9:02:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Craig\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 110.85 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

    Computer Name: CB_LAP | User Name: Craig | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
    "{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
    "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{41573DB1-9DAA-43C7-BCBC-49696A648079}" = Dell ControlPoint Connection Manager
    "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
    "{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6705BBE4-4664-40C6-9C1B-0330FA300A5C}" = DCP32MMWrapper
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}" = Dell Control Point
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
    "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
    "{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A23C3636-4F99-4A34-972C-F395E85DFEC0}" = Wave Infrastructure Installer
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "AviSynth" = AviSynth 2.5
    "BASICR" = Microsoft Office Basic 2007
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "HijackThis" = HijackThis 1.99.0
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "NAV" = Norton AntiVirus
    "Office14.VISIOR" = Microsoft Visio Premium 2010
    "VuePrint" = VuePrint
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 10/25/2010 11:09:26 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/26/2010 5:59:04 PM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a624b.

    Error - 10/26/2010 9:57:31 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/26/2010 9:57:43 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/27/2010 6:25:49 AM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a624b.

    Error - 10/28/2010 8:30:38 PM | Computer Name = CB_LAP | Source = Application Error | ID = 1004
    Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 10/29/2010 7:23:37 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Schedule service.

    Error - 10/29/2010 7:24:41 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 10/29/2010 7:26:38 PM | Computer Name = CB_LAP | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
    the volume.

    Error - 10/29/2010 8:42:56 PM | Computer Name = CB_LAP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/30/2010 8:55:32 AM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/30/2010 4:09:25 PM | Computer Name = CB_LAP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.4 for the Network Card with network
    address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/30/2010 4:10:06 PM | Computer Name = CB_LAP | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
    00000000, parameter4 804fa276.

    Error - 10/30/2010 4:18:10 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/1/2010 6:35:31 AM | Computer Name = CB_LAP | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 11/1/2010 8:52:59 PM | Computer Name = CB_LAP | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.


    < End of report >
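As an added example (not part of the thread), a small Python triage script for the OTL event-log format dumped above: it parses the "Error - ... | Computer Name = ... | Source = ... | ID = ..." entries and flags two things a helper looks for when the complaint is "updates and scanners are blocked": crypt32 failing to fetch the root-list because the update host could not be resolved, and repeated svchost.exe crashes. The sample entries below are constructed from the format shown in this post.

```python
import re
from collections import Counter

# Constructed sample in the OTL event-dump format seen in this thread.
SAMPLE_LOG = """\
Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/26/2010 5:59:04 PM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 10/27/2010 6:25:49 AM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

def parse_events(text):
    """Split an OTL-style event dump into dicts: when/host/source/id/description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        m = HEADER.match(lines[0])
        if not m:
            continue  # not an event header; skip section titles etc.
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        # The description wraps over several lines; rejoin it and drop the prefix.
        desc = " ".join(lines[1:])
        ev["description"] = desc[len("Description = "):] if desc.startswith("Description = ") else desc
        events.append(ev)
    return events

def triage(events):
    """Return human-readable findings relevant to a 'security updates are blocked' complaint."""
    findings = []
    blocked = [e for e in events if e["source"] == "crypt32" and "could not be resolved" in e["description"]]
    if blocked:
        findings.append(f"crypt32 root-list update failed: name resolution ({len(blocked)}x)")
    # Count crashes per faulting application (text before the first comma).
    faults = Counter(e["description"].split(",")[0] for e in events if e["source"] == "Application Error")
    for app, n in faults.items():
        if n >= 2:
            findings.append(f"repeated crash: {app} ({n}x)")
    return findings
```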
  18. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Good news indeed :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    OTL log looks perfectly clean (rare) :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  19. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    I tried to run the Java stuff, but my registry seems to think I have an older version when I click on the Java icon in the Control Panel... either way, I installed the new version of Java and the old one is not there after running JavaRa, so we are good now with that.

    I ran the SecurityCheck.exe

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton AntiVirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.22.87
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````


    I ran the file cleaner as well... I didn't get to the last bit yet... not sure if it was required or not as it was a free scan and not sure how long it was going to take and I only had 15 minutes.

    Craig
  20. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Yes, I need the ESET log.
  21. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    OK, here is the ESET log... it found something.

    Craig

    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP242\A0016022.dll Win32/Olmarik.ADF trojan
    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP242\A0016023.dll a variant of Win32/Kryptik.HQY trojan
  22. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    That is in your restore points, which we're about to reset. Nothing to worry about :)

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  23. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Things ran well... thanks again for all the help.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Craig
    ->Temp folder emptied: 137024 bytes
    ->Temporary Internet Files folder emptied: 355441 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 76525892 bytes
    ->Flash cache emptied: 405 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 74.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Craig
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11062010_094934

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\etilqs_xmk4crXY6rEO8okmBZLd not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_448.dat not found!

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Whenever you're ready...
  25. certifiablejeep

    certifiablejeep TS Rookie Topic Starter

    Everything is running great... everything works and nothing looks funny.

    Craig