Solved Malware Trojan Virus Can't Install Programs and access Internet to complete Install

certifiablejeep

Hi there.
I am having an issue when trying to remove a piece of malware.
I have read and read and read the forums and basically what I have done is the following

1) Installed HiJackthis and ran it... cleaned up some stuff
2) Cleaned up the hosts file... it wasn't bad, but now it has nothing in there.
3) Installed Ad-Aware and ran it, rebooted, cleaned up a few things.
4) Installed Norton Antivirus, ran it, says that the system is clean
5) Installed SpyBot, had to rename the file, manually update as it can't connect to the Internet to find Updates, ran it, and then fixed the issues, again, nothing much came back.

So, here is the issue... it seems that whenever I try to install a Malware program that needs to connect to the Internet to receive updates, the Malware program is being blocked.

I can't figure out what is causing this as normal browsing is fine, but it will redirect you if you try to go to any known list of sites.

I have tried starting in safe mode and running the programs, renaming them, putting them in different directories, etc. but nothing seems to find what I think to be the Google/Yahoo/Bing/etc. redirect trojan.

If anyone out there has seen similar behavior and could let me know of a program that I can download and put on my machine to run and attempt to clean this up that doesn't connect to the internet or wouldn't be blocked by the malware, that would be great.

Thank you so much for your time.

Craig
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Complete as many steps as you can.
 
Thank you for your response... as I said, I have done some of this, but I will follow the instructions provided and supply the information tonight.

Thanks again.
Craig
 
Hey there... sorry for the delay, I had to work late yet again.
The issue seems to be still happening, but from what I saw in the logs, not a ton of stuff popped out at me, I hope that you see something I didn't.

BTW, Malware finally ran after renaming it and running it with the different name, but as you can see in the picture attached, the update was not allowed to run... like all programs, even the NAV is blocked from getting out to the Internet.

So, here goes.

---------------------------------------------------------------------------------------

Malware Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/28/2010 6:39:56 AM
mbam-log-2010-10-28 (06-39-56).txt

Scan type: Quick scan
Objects scanned: 123164
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------------

gmer log

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-28 21:55:43
Windows 5.1.2600 Service Pack 3
Running: drs648yb.exe; Driver: C:\DOCUME~1\Craig\LOCALS~1\Temp\uxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT 89786FD0 ZwAlertResumeThread
SSDT 89BC0180 ZwAlertThread
SSDT 89D664F0 ZwAllocateVirtualMemory
SSDT 89782830 ZwAssignProcessToJobObject
SSDT 89BAC890 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9E6E2720]
SSDT 896CF1A8 ZwCreateMutant
SSDT 8974D258 ZwCreateSymbolicLinkObject
SSDT 89C1C568 ZwCreateThread
SSDT 89785430 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9E6E29A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9E6E2F00]
SSDT 89BFCC38 ZwDuplicateObject
SSDT 89E34008 ZwFreeVirtualMemory
SSDT 89C15CB8 ZwImpersonateAnonymousToken
SSDT 89786610 ZwImpersonateThread
SSDT 89BBD9F8 ZwLoadDriver
SSDT 89D7B9F8 ZwMapViewOfSection
SSDT 89C3B808 ZwOpenEvent
SSDT 89C0F238 ZwOpenProcess
SSDT 89D304C8 ZwOpenProcessToken
SSDT 89C93768 ZwOpenSection
SSDT 89D6A7E8 ZwOpenThread
SSDT 88FF76A0 ZwProtectVirtualMemory
SSDT 89785910 ZwResumeThread
SSDT 89BF90D0 ZwSetContextThread
SSDT 89C8D050 ZwSetInformationProcess
SSDT 89C4DA48 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9E6E3150]
SSDT 89C1A650 ZwSuspendProcess
SSDT 896E2278 ZwSuspendThread
SSDT 89D81908 ZwTerminateProcess
SSDT 89BC7218 ZwTerminateThread
SSDT 89D83E98 ZwUnmapViewOfSection
SSDT 89D5F008 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 80504660 4 Bytes CALL CCDA1D0C
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2960] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 8A8ECAEA
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 8A8ECAEA

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9C06BD20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&11fcf6bd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


---------------------------------------------------------------------------------

dds.txt


DDS (Ver_10-10-21.02) - NTFSx86
Run by Craig at 21:57:50.01 on Thu 10/28/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2902 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Craig\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\eghensri.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-24 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-25 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-25 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-25 134704]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1357464]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-25 126904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-13 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-13 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-13 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-25 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101026.001\IDSXpx86.sys [2010-10-19 341880]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-13 109568]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101027.033\NAVENG.SYS [2010-10-27 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101027.033\NAVEX15.SYS [2010-10-27 1371184]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-13 232744]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
S4 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]

=============== Created Last 30 ================

2010-10-28 00:32:57 -------- d-----w- c:\docume~1\craig\applic~1\Malwarebytes
2010-10-28 00:32:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 00:32:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 00:32:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-28 00:32:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 00:23:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-27 02:03:30 11701704 ----a-w- C:\abc.exe
2010-10-26 21:30:31 -------- d-----w- c:\windows\system32\appmgmt
2010-10-26 03:11:02 -------- d-----w- c:\docume~1\craig\applic~1\SUPERAntiSpyware.com
2010-10-26 03:11:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-26 02:58:33 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-10-26 02:53:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-26 02:52:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-10-26 01:46:06 -------- d-----w- C:\death
2010-10-24 19:19:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-24 18:20:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-24 18:19:52 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-24 18:19:37 -------- d-----w- c:\program files\Lavasoft

==================== Find3M ====================

2010-10-26 02:31:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

============= FINISH: 21:59:10.53 ===============


--------------------------------------------------------------------------


attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/24/2009 11:33:15 AM
System Uptime: 10/28/2010 8:29:47 PM (1 hours ago)

Motherboard: Dell Inc. | | 0H635N
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2526/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 111.147 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\33539621354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\33539621354FC000
Service: NIC1394

==== System Restore Points ===================

RP221: 7/14/2010 6:34:10 AM - System Checkpoint
RP222: 7/18/2010 6:48:28 AM - System Checkpoint
RP223: 7/21/2010 8:59:39 AM - System Checkpoint
RP224: 7/22/2010 9:42:25 AM - System Checkpoint
RP225: 7/23/2010 1:14:23 PM - System Checkpoint
RP226: 7/27/2010 7:10:52 AM - System Checkpoint
RP227: 8/3/2010 6:16:14 AM - System Checkpoint
RP228: 8/5/2010 6:33:01 AM - System Checkpoint
RP229: 8/9/2010 6:43:10 AM - System Checkpoint
RP230: 8/12/2010 6:57:47 AM - System Checkpoint
RP231: 8/16/2010 7:16:28 AM - System Checkpoint
RP232: 8/23/2010 7:18:50 AM - System Checkpoint
RP233: 9/1/2010 6:46:16 AM - System Checkpoint
RP234: 9/6/2010 8:11:49 AM - System Checkpoint
RP235: 9/8/2010 6:27:03 AM - System Checkpoint
RP236: 9/9/2010 6:45:22 AM - System Checkpoint
RP237: 9/14/2010 6:37:09 AM - System Checkpoint
RP238: 9/23/2010 6:52:15 AM - System Checkpoint
RP239: 9/26/2010 10:11:48 AM - System Checkpoint
RP240: 10/3/2010 9:01:29 AM - System Checkpoint
RP241: 10/5/2010 7:04:13 AM - System Checkpoint
RP242: 10/11/2010 9:11:58 AM - System Checkpoint
RP243: 10/24/2010 3:13:48 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
All Day Battery Life Configuration
AviSynth 2.5
BioAPI Framework
biolsp patch
Broadcom USH Host Components
Choice Guard
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
HijackThis 1.99.0
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel® Matrix Storage Manager
Java(TM) 6 Update 11
Junk Mail filter update
Malwarebytes' Anti-Malware
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSVCRT
Norton AntiVirus
NTRU TCG Software Stack
Octoshape add-in for Adobe Flash Player
PowerDVD DX
Preboot Manager
Private Information Manager
Secure Update
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Wizards
Segoe UI
SO32MMWrapper
Spybot - Search & Destroy
SRS Premium Sound
Trusted Drive Manager
tsp patch
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VuePrint
Wave Infrastructure Installer
Wave Support Software
Web-Based Email Tools
WebFldrs XP
Windows Communication Foundation
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

10/28/2010 6:31:19 AM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
10/27/2010 8:55:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/27/2010 10:09:29 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/27/2010 10:09:29 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
10/26/2010 9:53:30 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2010 9:53:30 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/26/2010 9:49:24 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/26/2010 7:39:05 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
10/26/2010 6:32:49 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/26/2010 6:00:13 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/26/2010 5:59:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
10/26/2010 5:30:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/26/2010 5:25:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SRTSPX SymIRON SYMTDI
10/26/2010 10:09:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
10/26/2010 10:00:34 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
10/25/2010 9:14:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2010 9:14:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/25/2010 9:13:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
10/25/2010 9:13:40 PM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/24/2010 3:57:41 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 3:57:41 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/24/2010 2:22:02 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
10/24/2010 1:55:23 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/24/2010 1:55:17 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:55:14 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2010 1:54:57 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:54 PM, error: Service Control Manager [7034] - The Credential Vault Host Storage service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:51 PM, error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:48 PM, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:25 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/24/2010 1:54:18 PM, error: Service Control Manager [7034] - The Credential Vault Host Control Service service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:14 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:07 PM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:54:04 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:33:45 PM, error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
10/24/2010 1:33:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/24/2010 1:33:11 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/21/2010 6:42:45 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

==== End Of File ===========================
 

Attachment: malwareupdateerror.JPG (22.9 KB)

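As an added example (not code from this thread, from GMER or from TechSpot), here is a small Python triage helper for the "System" section of a GMER log like the one posted above. It separates SSDT hooks that GMER could attribute to a named driver (in this log, the Norton driver SYMEVENT.SYS) from hooks that show only a bare kernel address, which GMER could not tie to a loaded module. A bare address is not a conviction by itself; an analyst checks those entries against the security products running on the machine (Norton and Ad-Aware here) before drawing a conclusion. The sample input is constructed to match the log's line format, and the function and variable names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: three lines in GMER 1.0.15 "System" section format, copied
# in shape from the GMER log above (one AV-attributed hook, two bare addresses).
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT 89786FD0 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9E6E2720]
SSDT 89BBD9F8 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 80504660 4 Bytes CALL CCDA1D0C
""".strip()

SECTION_HDR = re.compile(r"^---- (.+?) - GMER")
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<target>\S+)"          # hook target: bare address or \??\ path
    r"(?:\s+\((?P<desc>.*?)\))?"       # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)"              # hooked native API
    r"(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$"
)
BARE_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_ssdt_hooks(text):
    """Return the SSDT entries from GMER's 'System' section as dicts."""
    hooks, in_system = [], False
    for line in text.splitlines():
        hdr = SECTION_HDR.match(line)
        if hdr:
            # Only the "System" section carries SSDT entries; stop at the next header.
            in_system = hdr.group(1).strip() == "System"
            continue
        if not in_system:
            continue
        m = SSDT_LINE.match(line)
        if not m:
            continue
        target = m.group("target")
        if BARE_ADDR.match(target):
            # GMER printed only a kernel address: no module could be attributed.
            hooks.append({"func": m.group("func"), "module": None,
                          "vendor": None, "addr": target.upper()})
        else:
            # Attributed hook: keep the driver file name and the vendor string.
            hooks.append({"func": m.group("func"),
                          "module": target.rsplit("\\", 1)[-1].upper(),
                          "vendor": m.group("desc"),
                          "addr": (m.group("addr") or "").upper()})
    return hooks


def summarize(hooks):
    """Group hooks by attributed module; list bare-address hooks for review."""
    attributed = defaultdict(list)
    unattributed = []
    for h in hooks:
        if h["module"]:
            attributed[h["module"]].append(h["func"])
        else:
            unattributed.append((h["addr"], h["func"]))
    return {"attributed": dict(attributed), "unattributed": unattributed}


if __name__ == "__main__":
    s = summarize(parse_ssdt_hooks(SAMPLE_GMER))
    for mod, funcs in s["attributed"].items():
        print(f"{mod}: {', '.join(funcs)}")
    print("bare-address hooks (review against the installed security products):")
    for addr, func in s["unattributed"]:
        print(f"  {addr}  {func}")
```

To use it on a real log, read the pasted GMER text into a string and pass it to parse_ssdt_hooks; the grouping by module makes it quick to see whether every attributed hook belongs to a product you expect on the machine, and the bare-address list is the set worth comparing against the drivers those products load.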
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

========================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Great news... I was able to download updates for Spybot... and Malwarebytes as well!

The TDS Killer log shows the one file cleaned up. I posted the other MBR one as well.

So basically, I was able to download updates and so far I was able to be redirected to the correct sites when they are searched and also Norton Antivirus ran its updates as well.

So, I think the initial issue is resolved, now I just was wondering what else would need to be done to ensure that this doesn't happen again.

Thanks,
Craig

2010/10/29 19:24:29.0859 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 19:24:29.0859 ================================================================================
2010/10/29 19:24:29.0859 SystemInfo:
2010/10/29 19:24:29.0859
2010/10/29 19:24:29.0859 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/29 19:24:29.0859 Product type: Workstation
2010/10/29 19:24:29.0859 ComputerName: CB_LAP
2010/10/29 19:24:29.0859 UserName: Craig
2010/10/29 19:24:29.0859 Windows directory: C:\WINDOWS
2010/10/29 19:24:29.0859 System windows directory: C:\WINDOWS
2010/10/29 19:24:29.0859 Processor architecture: Intel x86
2010/10/29 19:24:29.0859 Number of processors: 2
2010/10/29 19:24:29.0859 Page size: 0x1000
2010/10/29 19:24:29.0859 Boot type: Normal boot
2010/10/29 19:24:29.0859 ================================================================================
2010/10/29 19:24:30.0343 Initialize success
2010/10/29 19:24:45.0812 ================================================================================
2010/10/29 19:24:45.0812 Scan started
2010/10/29 19:24:45.0812 Mode: Manual;
2010/10/29 19:24:45.0812 ================================================================================
2010/10/29 19:24:53.0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/10/29 19:24:53.0828 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/29 19:24:57.0343 ================================================================================
2010/10/29 19:24:57.0343 Scan finished
2010/10/29 19:24:57.0343 ================================================================================
2010/10/29 19:24:57.0343 Detected object count: 1
2010/10/29 19:25:21.0546 Pcmcia (e159080e844e658d2d5a375be7cc1f76) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/29 19:25:21.0562 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: e159080e844e658d2d5a375be7cc1f76, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/10/29 19:25:28.0890 Backup copy found, using it..
2010/10/29 19:25:28.0968 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured after reboot
2010/10/29 19:25:28.0968 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure
2010/10/29 19:25:43.0562 Deinitialize success


---------------------------
MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 141):

Processes (total 41):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!
 
MBR looks fine...

1. Run updated MBAM and post fresh log.

2. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi there.
mbam ran fine and the log is attached. When I ran combofix it gave me a blue screen and said that some value wasn't equal to something... I didn't write it down, but didn't want to run this again until I heard from you.

Thanks
Craig

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4994

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/30/2010 8:46:30 AM
mbam-log-2010-10-30 (08-46-30).txt

Scan type: Quick scan
Objects scanned: 146282
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
Run it.
 
OK, that one worked.

ComboFix 10-10-30.01 - Craig 10/30/2010 16:18:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2958 [GMT -4:00]
Running from: c:\documents and settings\Craig\Desktop\broni.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\documents and settings\Craig\Application Data\Malwarebytes
2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-28 00:32 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 00:32 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 00:32 . 2010-10-28 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 00:23 . 2010-10-28 00:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-27 02:03 . 2010-10-27 02:03 11701704 ----a-w- C:\abc.exe
2010-10-26 03:11 . 2010-10-26 03:11 -------- d-----w- c:\documents and settings\Craig\Application Data\SUPERAntiSpyware.com
2010-10-26 03:11 . 2010-10-26 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-26 02:58 . 2010-07-22 01:27 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-10-26 02:53 . 2010-10-26 03:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-26 02:52 . 2010-10-26 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-10-26 02:31 . 2010-10-26 02:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-26 02:31 . 2010-10-26 02:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-26 02:31 . 2010-10-26 02:31 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Symantec
2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Norton AntiVirus
2010-10-26 02:31 . 2010-10-26 02:31 -------- d-----w- c:\program files\Windows Sidebar
2010-10-26 02:09 . 2010-10-26 02:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 01:46 . 2010-10-30 00:45 -------- d-----w- C:\death
2010-10-26 01:42 . 2010-10-26 01:42 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-10-24 19:19 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-24 18:20 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-24 18:19 . 2010-10-24 18:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-24 18:19 . 2010-10-24 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-24 18:19 . 2010-10-24 18:19 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 23:26 . 2008-04-14 00:06 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/24/2010 2:20 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [10/25/2010 10:31 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [10/25/2010 10:31 PM 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 6:57 PM 692272]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [10/25/2010 10:31 PM 134704]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 3:46 AM 1357464]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [10/25/2010 10:31 PM 126904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/13/2009 6:21 PM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/13/2009 6:21 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/13/2009 6:21 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/25/2010 10:45 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSXpx86.sys [10/29/2010 9:05 PM 341880]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/13/2009 6:21 PM 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/13/2009 3:45 PM 232744]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 3:46 AM 15008]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
S4 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 00:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.certifiablejeep.com/
mStart Page = about:blank
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\eghensri.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Craig\Application Data\Macromedia\Flash Player\



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1392)
c:\windows\system32\wvauth.dll

- - - - - - - > 'explorer.exe'(2236)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
Completion time: 2010-10-30 16:24:23
ComboFix-quarantined-files.txt 2010-10-30 20:24

Pre-Run: 119,111,471,104 bytes free
Post-Run: 119,052,169,216 bytes free

- - End Of File - - CE78309B027CE687AB666142DB8645B7
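When reading the "Reg Loading Points" section of a ComboFix log like the one above, the entries worth a second look are the autostart values whose binaries live outside the usual vendor directories and any non-default LSA authentication package. The Python below is an added example written for this thread, not code from ComboFix or from the helper; it parses a constructed excerpt made of the thread's own Run, ShellExecuteHooks and LSA lines plus one clearly labelled constructed autostart entry (CONSTRUCTED_example, in a temp directory) so that the path rule visibly fires. The directory allowlist EXPECTED_DIRS and the baseline DEFAULT_LSA_PACKAGES are assumptions of the example: msv1_0 is the stock package, and an extra package such as wvauth is reported as something to confirm against the installed software (the logs above list Wave Systems components and show wvauth.dll loaded under lsass.exe), not as a verdict.

```python
import re
from typing import Dict, List

# Constructed sample input: the Run, ShellExecuteHooks and LSA lines from the
# ComboFix log in this thread, plus one CONSTRUCTED autostart entry so the
# directory check has something to flag.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"CONSTRUCTED_example"="c:\docume~1\user\locals~1\temp\update.exe" [2010-10-30 12345]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
"""

# Line shapes used by ComboFix in this section (assumed from the log above).
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
LSA_RE = re.compile(r'^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$')

# Assumed baseline: stock authentication package and expected binary locations.
DEFAULT_LSA_PACKAGES = {'msv1_0'}
EXPECTED_DIRS = (r'c:\program files' + '\\', r'c:\windows\system32' + '\\')


def parse_loading_points(text: str) -> Dict[str, List[dict]]:
    """Group the section's values by (lower-cased) registry key."""
    entries: Dict[str, List[dict]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key').lower()
            entries.setdefault(current, [])
            continue
        if current is None:
            continue  # text before the first key header
        m = VALUE_RE.match(line)
        if m:
            date, size = None, None
            meta = m.group('meta')  # ComboFix appends "[YYYY-MM-DD size]"
            if meta and len(meta.split()) == 2:
                date, size_text = meta.split()
                size = int(size_text)
            entries[current].append({'name': m.group('name'),
                                     'path': m.group('path').lower(),
                                     'date': date, 'size': size})
            continue
        m = LSA_RE.match(line)
        if m:
            entries[current].append({'name': 'Authentication Packages',
                                     'packages': m.group('pkgs').split()})
    return entries


def triage(entries: Dict[str, List[dict]]) -> List[tuple]:
    """Return (key, item, reason) leads: non-default LSA packages and
    autostart binaries outside the expected directories."""
    findings = []
    for key, values in entries.items():
        for v in values:
            if 'packages' in v:
                for pkg in v['packages']:
                    if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                        findings.append((key, pkg,
                                         'non-default LSA authentication package; '
                                         'confirm which vendor DLL it maps to'))
            elif not v['path'].startswith(EXPECTED_DIRS):
                findings.append((key, v['name'],
                                 'autostart binary outside expected directories; inspect'))
    return findings


if __name__ == '__main__':
    for key, item, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{item:25} {reason}  [{key}]')
```

Each finding is a lead to verify, not a verdict: on this thread the four real Run entries and the shell hook resolve to Program Files and pass, the constructed temp-directory entry is flagged, and wvauth is reported only because it is not the stock package and should be matched to the Wave Systems software the other logs list.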
 
It looks good :)

What are the current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Currently I am not seeing any issues.
I am at work now, but when I get home tonight I will run the OTL thing you mentioned.

Thanks again for this.

Craig
 
2 days now and things look good...thanks again.

OTL logfile created on: 11/1/2010 9:02:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 110.85 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: CB_LAP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
PRC - [2010/10/27 20:23:06 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/27 20:23:06 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2009/03/16 21:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/06 21:06:56 | 000,443,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/01/22 11:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/01/22 11:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/01/14 11:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/29 12:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/10/27 20:23:06 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
SRV - [2009/06/13 15:49:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/16 21:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/03/01 19:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/02/06 21:06:56 | 000,443,168 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/01/22 11:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 11:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/01/14 11:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/29 12:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 10:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/04/19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Craig\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/25 22:45:04 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101101.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/25 22:45:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/25 22:45:04 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101101.035\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/25 22:31:52 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/19 16:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101029.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/23 03:46:08 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/13 05:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/28 23:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/28 22:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/28 22:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/21 21:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/07/21 21:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/07/12 21:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/27 00:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/13 06:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2009/06/13 15:42:49 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/04/22 18:39:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/04/03 00:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/03/24 16:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/16 21:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/16 21:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/01 19:01:04 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/02/26 17:08:52 | 000,109,568 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/02/26 17:08:34 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/02/22 18:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2009/02/22 17:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/22 11:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/01/16 17:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/07/22 17:27:04 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/20 22:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.certifiablejeep.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/25 22:32:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 06:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 06:48:44 | 000,000,000 | ---D | M]

[2009/06/24 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Extensions
[2009/06/24 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\eghensri.default\extensions
[2010/10/25 22:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/20 14:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

Hosts file not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 20:38:20 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2010/10/30 16:17:23 | 000,000,000 | ---D | C] -- C:\broni
[2010/10/30 08:53:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/30 08:51:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/30 08:51:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/30 08:51:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/30 08:51:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/30 08:51:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/30 08:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/28 06:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Desktop\techspot
[2010/10/28 06:30:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
[2010/10/27 20:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\Malwarebytes
[2010/10/27 20:32:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/27 20:32:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/27 20:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/27 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 20:23:11 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/26 17:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/25 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\SUPERAntiSpyware.com
[2010/10/25 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/25 22:58:33 | 000,043,952 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/10/25 22:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/25 22:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/25 22:31:52 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/25 22:31:52 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/25 22:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/25 22:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/25 22:31:36 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys
[2010/10/25 22:31:36 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys
[2010/10/25 22:31:36 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys
[2010/10/25 22:31:36 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.sys
[2010/10/25 22:31:36 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys
[2010/10/25 22:31:36 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys
[2010/10/25 22:31:36 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Ironx86.sys
[2010/10/25 22:31:36 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys
[2010/10/25 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/10/25 22:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1201000.025
[2010/10/25 22:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/10/25 22:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/10/25 21:46:06 | 000,000,000 | ---D | C] -- C:\death
[2010/10/24 14:20:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/10/24 14:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/24 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/10/24 14:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/10/15 07:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\My Documents\New Folder (6)

========== Files - Modified Within 30 Days ==========

[2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2010/11/01 20:37:24 | 000,467,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/01 20:37:24 | 000,080,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/01 20:33:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/01 20:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/01 20:32:50 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 06:30:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/30 16:16:55 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
[2010/10/30 08:53:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/29 18:46:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2010/10/29 18:45:56 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\tdsskiller.zip
[2010/10/29 18:41:59 | 000,019,433 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\wanted.xlsx
[2010/10/28 06:38:08 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\dds.scr
[2010/10/28 06:37:58 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
[2010/10/28 06:30:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe
[2010/10/27 20:59:48 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 20:24:31 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\ProcessExplorer.zip
[2010/10/27 20:23:11 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/25 23:27:37 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\SpyBot.lnk
[2010/10/25 22:58:31 | 000,513,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/10/25 22:31:52 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/25 22:31:52 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/25 22:31:52 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/25 22:31:52 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/25 22:31:49 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/24 14:19:52 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/24 14:19:52 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/24 13:41:08 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\Shortcut to HijackThis.exe.lnk
[2010/10/10 09:00:41 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\mortgage-payment-calculator.xls

========== Files Created - No Company Name ==========

[2010/10/30 08:53:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/30 08:53:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/30 08:51:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/30 08:51:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/30 08:51:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/30 08:51:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/30 08:51:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/30 08:42:31 | 003,896,496 | R--- | C] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
[2010/10/29 18:46:12 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2010/10/29 18:45:54 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\tdsskiller.zip
[2010/10/28 06:38:08 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\dds.scr
[2010/10/28 06:37:58 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
[2010/10/27 20:32:10 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 20:24:19 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\ProcessExplorer.zip
[2010/10/27 06:23:48 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/25 22:31:55 | 000,513,838 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/10/25 22:31:52 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/25 22:31:52 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/25 22:31:49 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/25 22:31:19 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf
[2010/10/25 22:31:19 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.inf
[2010/10/25 22:31:19 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf
[2010/10/25 22:31:19 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf
[2010/10/25 22:31:19 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf
[2010/10/25 22:31:19 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf
[2010/10/25 22:31:19 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Iron.inf
[2010/10/25 22:31:10 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat
[2010/10/25 22:31:10 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat
[2010/10/25 22:31:10 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat
[2010/10/25 22:31:10 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat
[2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.cat
[2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat
[2010/10/25 22:31:10 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat
[2010/10/25 22:31:10 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini
[2010/10/24 15:19:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/24 14:23:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/24 14:19:52 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/24 14:19:52 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/24 13:41:08 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\Shortcut to HijackThis.exe.lnk
[2010/10/08 07:25:05 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\mortgage-payment-calculator.xls
[2010/08/05 06:45:50 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\AutoGK.ini
[2009/06/24 11:33:31 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\setup.txt
[2009/06/13 18:20:38 | 000,001,157 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/06/13 15:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/13 15:45:19 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/06/13 15:42:57 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/06/13 15:36:29 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/06/13 15:36:20 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/03/01 19:01:02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/22 13:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/12/19 19:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2008/12/19 19:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2008/12/19 19:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2008/12/19 19:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2008/12/19 19:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2008/12/19 19:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2008/12/19 19:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2008/12/19 19:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2008/12/19 19:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2008/12/19 19:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/12/19 19:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/12/19 19:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/12/19 19:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/12/19 19:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/12/19 19:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/12/19 19:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/12/19 19:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/12/19 19:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/12/19 19:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/12/19 19:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/12/19 19:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/12/19 19:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/12/19 19:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/12/19 19:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/12/11 16:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/11 13:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/12/11 13:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/12/11 13:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/12/11 13:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/12/11 13:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/12/11 13:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/12/11 13:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/12/11 13:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/12/11 13:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/12/11 13:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/12/11 13:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/12/11 13:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/12/11 13:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/12/11 13:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/12/11 13:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/12/11 13:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2008/12/11 13:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2008/12/11 13:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2008/12/11 13:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2008/12/11 13:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2008/12/11 13:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2008/12/11 13:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2008/12/11 13:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2008/12/11 13:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2008/12/11 13:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/10/06 19:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/04/25 17:42:40 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 06:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 06:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

========== LOP Check ==========

[2009/06/13 15:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/10/25 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/09/03 12:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/10/24 14:19:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/06/13 15:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Broadcom
[2009/08/12 21:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Van **** Technologies
[2009/06/13 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Wave Systems Corp
[2009/06/13 15:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Windows Desktop Search
[2009/06/24 11:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Craig\Application Data\Windows Search
[2010/11/01 20:33:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/05 21:41:47 | 000,168,756 | ---- | M] () -- C:\100_0380.jpg
[2009/08/05 21:42:55 | 000,159,994 | ---- | M] () -- C:\100_0384.jpg
[2010/11/01 20:32:49 | 000,006,940 | ---- | M] () -- C:\aaw7boot.log
[2010/10/26 22:03:31 | 011,701,704 | ---- | M] (Microsoft Corporation) -- C:\abc.exe
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/24 11:33:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/30 08:53:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/30 16:24:24 | 000,011,063 | ---- | M] () -- C:\ComboFix.txt
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/13 18:24:01 | 000,004,886 | RH-- | M] () -- C:\dell.sdr
[2009/09/13 12:59:18 | 000,018,907 | ---- | M] () -- C:\dm_160x450_jun1109_025.jpg
[2010/11/01 20:32:50 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/09/27 09:43:15 | 000,247,079 | ---- | M] () -- C:\isitbern.jpg
[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/01 20:32:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/26 18:06:49 | 000,000,026 | ---- | M] () -- C:\used.txt

< %systemroot%\Fonts\*.com >
[2006/04/20 04:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/07/03 06:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/20 04:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/07/03 06:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/25 17:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/15 00:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/15 00:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
 
< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 17:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/24 11:33:39 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/25 17:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/30 16:16:55 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Craig\Desktop\broni.exe
[2010/10/28 06:37:58 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\drs648yb.exe
[2010/10/29 18:46:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MBRCheck.exe
[2010/11/01 20:38:20 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2010/10/28 06:30:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2008/04/14 08:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/24 11:33:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Craig\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/01 20:35:27 | 000,409,600 | ---- | M] () -- C:\Documents and Settings\Craig\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 08:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 07:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 07:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 07:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 13:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 07:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 07:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 07:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 07:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 07:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >




OTL Extras logfile created on: 11/1/2010 9:02:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 110.85 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: CB_LAP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{41573DB1-9DAA-43C7-BCBC-49696A648079}" = Dell ControlPoint Connection Manager
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6705BBE4-4664-40C6-9C1B-0330FA300A5C}" = DCP32MMWrapper
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}" = Dell Control Point
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A23C3636-4F99-4A34-972C-F395E85DFEC0}" = Wave Infrastructure Installer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AviSynth" = AviSynth 2.5
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"HijackThis" = HijackThis 1.99.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NAV" = Norton AntiVirus
"Office14.VISIOR" = Microsoft Visio Premium 2010
"VuePrint" = VuePrint
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/25/2010 10:17:17 PM | Computer Name = CB_LAP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/25/2010 11:09:26 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2010 5:59:04 PM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 10/26/2010 9:57:31 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2010 9:57:43 PM | Computer Name = CB_LAP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2010 6:25:49 AM | Computer Name = CB_LAP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 10/28/2010 8:30:38 PM | Computer Name = CB_LAP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 10/29/2010 7:23:37 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 10/29/2010 7:24:41 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 10/29/2010 7:26:38 PM | Computer Name = CB_LAP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 10/29/2010 8:42:56 PM | Computer Name = CB_LAP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/30/2010 8:55:32 AM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/30/2010 4:09:25 PM | Computer Name = CB_LAP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 0024E8B02DB0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/30/2010 4:10:06 PM | Computer Name = CB_LAP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
00000000, parameter4 804fa276.

Error - 10/30/2010 4:18:10 PM | Computer Name = CB_LAP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/1/2010 6:35:31 AM | Computer Name = CB_LAP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/1/2010 8:52:59 PM | Computer Name = CB_LAP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
 
Good news indeed :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===================================================================

OTL log looks perfectly clean (rare) :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I tried to run the Java stuff, but my registry seems to think I have an older version when I click on the Java icon in the Control Panel... either way, I installed the new version of Java and the old one is not there after running JavaRa, so we are good now with that.

I ran the SecurityCheck.exe

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


I ran the file cleaner as well... I didn't get to the last bit yet... not sure if it was required or not as it was a free scan and not sure how long it was going to take and I only had 15 minutes.

Craig
 
OK, here is the Eset log... it found something.

Craig

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP242\A0016022.dll Win32/Olmarik.ADF trojan
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP242\A0016023.dll a variant of Win32/Kryptik.HQY trojan
 
That is in your restore points, which we're about to reset. Nothing to worry about :)

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Things ran well... thanks again for all the help.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Craig
->Temp folder emptied: 137024 bytes
->Temporary Internet Files folder emptied: 355441 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76525892 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Craig
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 11062010_094934

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Craig\Local Settings\Temp\etilqs_xmk4crXY6rEO8okmBZLd not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_448.dat not found!

Registry entries deleted on Reboot...
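For anyone reading the OTL log above: the `[EMPTYTEMP]` section lists bytes freed per profile, a set of system-wide lines, a whole-MB summary, and (because the fix included `[CLEARALLRESTOREPOINTS]`) the "Restore points cleared" marker that step 1 of the helper's post was about. The Python script below is an added example, not part of OTL or of either post in this thread. It parses that section, totals the bytes per profile and for the system-wide lines, confirms the restore-point marker, and checks the reported "Total Files Cleaned" against the computed total. The sample input is copied from the log posted above; the one-megabyte tolerance assumes OTL prints the summary rounded to whole MB, which is this example's assumption.

```python
"""Parse an OTL [EMPTYTEMP] log section and reconcile what it reports.

Added example for this thread; not OTL's own code. Function and variable
names below are this example's own.
"""
import re

# Constructed sample: the [EMPTYTEMP] section plus the restore-point marker,
# copied from the OTL log posted in the thread.
SAMPLE_LOG = r"""
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Craig
->Temp folder emptied: 137024 bytes
->Temporary Internet Files folder emptied: 355441 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76525892 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb

Restore points cleared and new OTL Restore Point set!
"""

# "->" prefixed lines belong to the most recent "User:" header; unprefixed
# byte lines are system-wide locations.
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
RESTORE_MARKER = "Restore points cleared"


def parse_emptytemp(text):
    """Return (per_user_bytes, system_bytes, reported_mb, restore_reset)."""
    per_user = {}
    system_bytes = 0
    reported_mb = None
    restore_reset = False
    current_user = "<no profile header>"  # used only if a '->' line precedes any User: line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USER_RE.match(line)
        if m:
            current_user = m.group("user")
            per_user.setdefault(current_user, 0)  # profiles with no lines still count as 0
            continue
        m = TOTAL_RE.match(line)
        if m:
            reported_mb = float(m.group("mb"))
            continue
        if line.startswith(RESTORE_MARKER):
            restore_reset = True
            continue
        m = BYTES_RE.match(line)
        if m:
            n = int(m.group("bytes"))
            if line.startswith("->"):
                per_user[current_user] = per_user.get(current_user, 0) + n
            else:
                system_bytes += n
    return per_user, system_bytes, reported_mb, restore_reset


def reconcile(text, tolerance_mb=1.0):
    """Cross-check the log's own summary against the per-line byte counts."""
    per_user, system_bytes, reported_mb, restore_reset = parse_emptytemp(text)
    total = sum(per_user.values()) + system_bytes
    computed_mib = total / 2 ** 20  # assumption: OTL's "mb" is mebibytes, rounded to whole units
    consistent = reported_mb is not None and abs(reported_mb - computed_mib) < tolerance_mb
    largest = max(per_user.items(), key=lambda kv: kv[1])  # profile that held most of the data
    return {
        "per_user": per_user,
        "system_bytes": system_bytes,
        "total_bytes": total,
        "computed_mib": round(computed_mib, 2),
        "reported_mb": reported_mb,
        "summary_consistent": consistent,
        "restore_points_reset": restore_reset,
        "largest_profile": largest,
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the sample, the computed total is 77134300 bytes (73.56 MiB), which is consistent with the "74.00 mb" summary under whole-MB rounding, almost all of it from the Craig profile's FireFox cache, and the restore-point marker is present, so the `[CLEARALLRESTOREPOINTS]` command the helper asked for did run.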
 