TechSpot

Redirected from Google search results to other malicious websites

Solved
By across151
Dec 8, 2010
Topic Status:
Not open for further replies.
  1. -Google search results being redirected to random sites
    -rogue antivirus installed itself (possibly from mis-clicking one of the malicious sites that I was redirected to)
    -cannot open any other web browser except Firefox, so I tried to reinstall Google Chrome but it crashes during installation

    I've gotten rid of the rogue AV with a Malwarebytes full scan, but everything else is still there.
    I also used Dr. Web CureIt! after scanning with Malwarebytes; it found and deleted one backdoor.


    Logs:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5274

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/8/2010 4:03:32 PM
    mbam-log-2010-12-08 (16-03-32).txt

    Scan type: Quick scan
    Objects scanned: 144350
    Time elapsed: 4 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\x32dott.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\programdata\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
    c:\Users\default.default-pc\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\_voidufyppipkmi.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\System32\jeruvote.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\Windows\System32\lugikeso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\Windows\System32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-08 21:01:11
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHZ2320BH_G1 rev.0040020C
    Running: 6qh1o9rb.exe; Driver: C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\pxrdifod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 859251F8
    Device \Driver\atapi \Device\Ide\IdePort1 859251F8
    Device \Driver\atapi \Device\Ide\IdePort2 859251F8
    Device \Driver\atapi \Device\Ide\IdePort3 859251F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 859251F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 859261F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 859261F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel4 859261F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 859261F8
    Device \Driver\ayw0f0ry \Device\Scsi\ayw0f0ry1 86C4E1F8
    Device \Driver\ayw0f0ry \Device\Scsi\ayw0f0ry1Port5Path0Target0Lun0 86C4E1F8
    Device \FileSystem\Ntfs \Ntfs 859271F8

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2320BH_G1____________________0040020C#5&2fad11e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Default at 21:02:25.27 on Wed 12/08/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2026 [GMT -5:00]

    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    AV: Your Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Default.Default-PC\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\default.default-pc\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: merulizo.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli merulizo.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\default.default-pc\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090625.001\IDSvix86.sys [2009-6-30 272432]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Ias;Windows Protected Services;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
    S3 SQTECH9051;DB VGA Cam;c:\windows\system32\drivers\Capt9051.sys [2010-2-28 41216]
    S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-12 1251720]
    S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

    =============== Created Last 30 ================

    2010-12-09 00:37:47 -------- d-----w- c:\users\default.default-pc\DoctorWeb
    2010-12-08 22:27:23 48640 ---ha-w- c:\windows\system32\cselntui.dll
    2010-12-08 20:57:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 20:57:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-08 20:57:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-08 20:56:12 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ecc51ce2-0aca-4c6c-bf54-d5fa89c12a44}\mpengine.dll
    2010-12-08 20:15:02 0 ----a-w- c:\users\defaul~1.def\appdata\local\Bcizusevihe.bin
    2010-12-08 20:15:00 -------- d-----w- c:\users\defaul~1.def\appdata\local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}
    2010-11-24 13:49:14 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-11-23 23:28:20 -------- d-----w- c:\users\defaul~1.def\appdata\local\FalloutNV
    2010-11-17 23:09:27 -------- d-----w- c:\program files\iPod
    2010-11-17 23:08:49 -------- d-----w- c:\program files\iTunes
    2010-11-10 21:46:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

    ==================== Find3M ====================

    2010-12-04 19:12:29 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-12-04 19:12:29 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-12-04 19:12:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2010-12-03 01:44:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-26 02:06:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-14 06:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-14 06:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: FUJITSU_MHZ2320BH_G1 rev.0040020C -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86870555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868767b0]; MOV EAX, [0x8687682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82255962] -> \Device\Harddisk0\DR0[0x861D3AC8]
    3 CLASSPNP[0x8A7138B3] -> ntkrnlpa!IofCallDriver[0x82255962] -> [0x8597F860]
    5 acpi[0x807BE6BC] -> ntkrnlpa!IofCallDriver[0x82255962] -> [0x859A7230]
    \Driver\atapi[0x862D61A8] -> IRP_MJ_CREATE -> 0x86870555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2320BH_G1____________________0040020C#5&2fad11e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x859251f8
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 21:04:04.00 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/8/2009 6:59:00 PM
    System Uptime: 12/8/2010 8:49:27 PM (1 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 290 GiB total, 31.763 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Chicony USB 2.0 Camera
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_FF1E1179&REV_03\3&21436425&0&FB
    Manufacturer: Chicony
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_FF1E1179&REV_03\3&21436425&0&FB
    Service: usbvideo

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    µTorrent
    AC3Filter (remove only)
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.2.3
    Adobe Stock Photos 1.0
    Any Video Converter 3.1.2
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    Auslogics Disk Defrag
    AV
    Bluetooth Stack for Windows by Toshiba
    BlueWare
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Camera Assistant Software for Toshiba
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Swedish
    ccCommon
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Creative WebCam Instant Driver (1.01.02.0729)
    CyberLink PowerCinema for TOSHIBA
    DB VGA Cam
    Dead Space™
    Detector Tools
    Digital Blue Photo Downloader
    Dragon Age: Origins
    DVD MovieFactory for TOSHIBA
    ESET Smart Security
    Fallout New Vegas
    foobar2000 v1.1
    GearDrvs
    GeoGebra
    Google Chrome
    Google Desktop
    Guitar Pro 5.2
    Half-Life 2
    Half-Life 2: Deathmatch
    HamsterFreeVideoConverter
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP USB Disk Storage Format Tool
    Interactive Precalculus Sixth Edition
    iPodCopy
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    K-Lite Codec Pack 5.0.5 (Basic)
    Lexmark 2400 Series
    LimeWire 5.5.16
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Memeo AutoBackup
    Messenger Plus! Live
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser
    Mobile Broadband Generic Drivers
    Mozilla Firefox (3.6.6)
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    My Secret Circle
    Napster
    Napster Burn Engine
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 Help
    Norton Confidential Browser Component
    Norton Confidential Web Authentification Component
    Norton Confidential Web Protection Component
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    ooVoo
    PartitionMagic
    PeerGuardian 2.0
    Picasa 2
    Portal
    PowerQuest PartitionMagic 8.0
    QiGODiscoveryAgent
    QuickBooks Financial Center
    QuickTime
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RESIDENT EVIL 5
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skins
    Skype web features
    Skype™ 4.1
    SPBBC 32bit
    Sprint Mobile Broadband (Novatel Wireless) - Lite
    StarCraft II
    Steam
    SuppSoft
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    Synaptics Pointing Device Driver
    System Requirements Lab
    System Requirements Lab CYRI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Games
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warhammer® 40,000™: Dawn of War® II
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Toolbar
    YouTube Downloader 2.5.4

    ==== End Of File ===========================
     
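    The logs above carry several indicators that a malware-removal helper reads first: Image File Execution Options keys for MpCmdRun.exe, MSASCui.exe, MsMpEng.exe and msseces.exe (an IFEO "Debugger" entry is how rogue AV blocks Windows Defender and Microsoft Security Essentials from starting), AppInit_DLLs and LSA Notification Packages pointing at merulizo.dll (DLLs loaded into every process or into lsass.exe, a common persistence trick), EnableLUA = 0 (UAC switched off), and the DDS rootkit check's "user != kernel MBR" (the boot sector read through the kernel differs from the one on disk, the signature of a TDL4-style bootkit). The following script is an added example, not part of the thread and not a DDS or Malwarebytes tool: it runs those checks over constructed log lines in the same format. The executable list and the assumption that only scecli is a legitimate LSA notification package are the example's own.

```python
"""Triage helper for DDS / Malwarebytes-style log lines (added example, not a DDS or
Malwarebytes tool). It flags the tamper and persistence indicators discussed in the
thread: IFEO keys aimed at security-product executables, AppInit_DLLs, extra LSA
Notification Packages, UAC disabled via EnableLUA, and the MBR user/kernel mismatch."""
import re
from dataclasses import dataclass

# Windows Defender / Microsoft Security Essentials executables (example's own list).
# An IFEO key for one of these normally carries a planted "Debugger" value so the
# program never starts: the Security.Hijack entries in the Malwarebytes log.
SECURITY_EXES = {"mpcmdrun.exe", "msascui.exe", "msmpeng.exe", "msseces.exe"}

# Assumption for this example: scecli is the only LSA notification package expected
# on a stock Vista machine; anything else is reported for review.
KNOWN_LSA_PACKAGES = {"scecli"}


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # the value or line that triggered it


IFEO_RE = re.compile(r"Image File Execution Options\\([^\s\\]+)", re.IGNORECASE)
APPINIT_RE = re.compile(r"^\s*AppInit_DLLs:\s*(.*?)\s*$", re.IGNORECASE)
LSA_RE = re.compile(r"^\s*LSA:\s*Notification Packages\s*=\s*(.+?)\s*$", re.IGNORECASE)
LUA_RE = re.compile(r"mPolicies-system:\s*EnableLUA\s*=\s*(\d+)", re.IGNORECASE)
MBR_RE = re.compile(r"user\s*!=\s*kernel MBR", re.IGNORECASE)


def triage(lines):
    """Return a list of Findings for the given log lines (any order, mixed sources)."""
    findings = []
    for line in lines:
        m = IFEO_RE.search(line)
        if m and m.group(1).lower() in SECURITY_EXES:
            findings.append(Finding("ifeo_security_tool", m.group(1)))
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            # Any DLL listed here is injected into every process that loads user32.dll.
            findings.append(Finding("appinit_dll", m.group(1).strip()))
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding("lsa_notification_package", pkg))
        m = LUA_RE.search(line)
        if m and m.group(1) == "0":
            findings.append(Finding("uac_disabled", line.strip()))
        if MBR_RE.search(line):
            findings.append(Finding("mbr_mismatch", line.strip()))
    return findings


# Constructed sample lines in the Malwarebytes / DDS format (not copied from a real host).
SAMPLE_LOG = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "AppInit_DLLs: merulizo.dll",
    "LSA: Notification Packages = scecli merulizo.dll",
    "user != kernel MBR !!!",
    r"uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe",  # benign autorun, should not fire
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.detail}")
```

    Feed it the DDS "Pseudo HJT Report" and the Malwarebytes detection lines (one string per line) and it returns the findings rather than printing them, so the same checks can be dropped into a larger log review. The benign uRun line in the sample is there to show the rules do not fire on ordinary autoruns.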
  2. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
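    As an added example that is not part of Broni's instructions or of the TDSSKiller tool itself: a small Python script that reads a TDSSKiller report in the format pasted later in this thread (timestamp, service name, MD5 in parentheses, path, with "Suspicious file" and "detected" lines interleaved), pulls out the scanner's own findings, and applies two quick checks on the driver inventory that a helper would otherwise eyeball. The sample report lines are constructed in that format; the heuristics and function names are this example's own.

```python
"""Triage helper for TDSSKiller 2.4-style reports (added example, not part of the thread)."""
import re
from collections import defaultdict

# One line per driver/service: "<ts> <name> (<md5>) <path>".  Findings are separate lines:
# "<ts> Suspicious file (<reason>): <path>. md5: <md5>" and "<ts> <name> - detected <verdict> (<n>)".
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
ENTRY_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    TS + r" Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(TS + r" (?P<name>\S+) - detected (?P<verdict>.+) \((?P<count>\d+)\)$")

# Constructed sample in the shape of the report posted in this thread
# (the sptd lines are the kind of finding the scan produces).
SAMPLE_REPORT = r"""
2010/12/09 15:47:05.0256 Scan started
2010/12/09 15:47:05.0256 Mode: Manual;
2010/12/09 15:47:10.0435 eeCtrl (70aeac5d481b2904b40f2173e280b1b5) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/09 15:47:19.0015 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbmdm.sys
2010/12/09 15:47:19.0047 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser.sys
2010/12/09 15:47:23.0290 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/09 15:47:23.0290 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/09 15:47:23.0305 sptd - detected Locked file (1)
2010/12/09 15:47:24.0772 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/09 15:47:24.0850 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
"""


def parse_report(text):
    """Split a report into driver entries and the scanner's own findings."""
    entries, suspicious, detected = [], [], []
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes carry leading indentation
        if m := DETECTED_RE.match(line):
            d = m.groupdict()
            d["count"] = int(d["count"])
            detected.append(d)
        elif m := SUSPICIOUS_RE.match(line):
            suspicious.append(m.groupdict())
        elif m := ENTRY_RE.match(line):
            entries.append(m.groupdict())
        # header/footer lines (SystemInfo, Scan started, ...) carry no finding
    return {"entries": entries, "suspicious": suspicious, "detected": detected}


def nonstandard_paths(entries, windir=r"C:\Windows"):
    """Drivers loaded from outside the Windows directory: third-party products
    (security suites, virtual-drive and filter drivers) live here, so this is the
    short list to review against what the user says is installed."""
    w = windir.lower()
    return [e["name"] for e in entries if not e["path"].lower().startswith(w)]


def shared_hashes(entries):
    """Same MD5 registered under different file names.  One file under two service
    names (tcpip.sys as Tcpip and Tcpip6) is normal and is not reported; distinct
    files with identical content is rarer and worth a glance."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e)
    out = {}
    for md5, es in by_md5.items():
        if len({e["path"].lower() for e in es}) > 1:
            out[md5] = sorted(e["name"] for e in es)
    return out


def triage(text):
    """Return the lines a helper would want to read first, most important first."""
    r = parse_report(text)
    lines = []
    for d in r["detected"]:
        lines.append(f"DETECTED {d['name']}: {d['verdict']} x{d['count']}")
    for s in r["suspicious"]:
        lines.append(f"SUSPICIOUS ({s['reason']}) {s['path']} md5={s['md5']}")
    for name in nonstandard_paths(r["entries"]):
        lines.append(f"NON-STANDARD PATH {name}")
    for md5, names in shared_hashes(r["entries"]).items():
        lines.append(f"SHARED HASH {md5}: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE_REPORT):
        print(line)
```

Run it against a saved TDSSKiller_xxxx_log.txt by passing its contents to triage() instead of SAMPLE_REPORT; a NoAccess or Locked file verdict only says the scanner could not read the file, which is why the helper asks for the full log rather than acting on that line alone.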
     
  3. across151

    across151 TS Rookie Topic Starter Posts: 23

    2010/12/09 15:46:52.0698 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/09 15:46:52.0698 ================================================================================
    2010/12/09 15:46:52.0698 SystemInfo:
    2010/12/09 15:46:52.0698
    2010/12/09 15:46:52.0698 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/09 15:46:52.0698 Product type: Workstation
    2010/12/09 15:46:52.0698 ComputerName: DEFAULT-PC
    2010/12/09 15:46:52.0698 UserName: Default
    2010/12/09 15:46:52.0698 Windows directory: C:\Windows
    2010/12/09 15:46:52.0698 System windows directory: C:\Windows
    2010/12/09 15:46:52.0698 Processor architecture: Intel x86
    2010/12/09 15:46:52.0698 Number of processors: 2
    2010/12/09 15:46:52.0698 Page size: 0x1000
    2010/12/09 15:46:52.0698 Boot type: Normal boot
    2010/12/09 15:46:52.0698 ================================================================================
    2010/12/09 15:46:58.0330 Initialize success
    2010/12/09 15:47:05.0256 ================================================================================
    2010/12/09 15:47:05.0256 Scan started
    2010/12/09 15:47:05.0256 Mode: Manual;
    2010/12/09 15:47:05.0256 ================================================================================
    2010/12/09 15:47:23.0290 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2010/12/09 15:47:23.0290 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2010/12/09 15:47:23.0305 sptd - detected Locked file (1)
    2010/12/09 15:47:28.0890 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
    2010/12/09 15:47:28.0999 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/09 15:47:29.0093 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/09 15:47:29.0093 ================================================================================
    2010/12/09 15:47:29.0093 Scan finished
    2010/12/09 15:47:29.0093 ================================================================================
    2010/12/09 15:47:29.0109 Detected object count: 2
    2010/12/09 15:47:44.0365 Locked file(sptd) - User select action: Skip
    2010/12/09 15:47:44.0381 \HardDisk0 - will be cured after reboot
    2010/12/09 15:47:44.0381 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/09 15:47:53.0023 Deinitialize success
     
  4. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Good :)
    How is redirection?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
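    The boot-sector check that a tool like MBRCheck performs, written out as an added example for this thread (it is not MBRCheck's, TDSSKiller's or ComboFix's own code): it validates the 0x55AA signature, decodes the partition table and hashes the 446-byte bootstrap region against a known-good baseline, which is how an overwritten MBR of the kind TDL4 leaves behind shows up. The sample MBR bytes, the partition layout, the baseline hash and the `tamper_boot_code` helper are all constructed here so the script runs offline.

```python
"""Boot-sector integrity check in the spirit of MBRCheck (added example).

Validates the 0x55AA signature, decodes the four partition-table entries and
hashes the bootstrap code against a baseline, so an MBR whose bootstrap region
has been replaced by a bootkit is reported.  Everything below is constructed:
the sample sector, the partition layout and the baseline hash.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code
PARTITION_TABLE_OFF = 446  # four 16-byte entries follow the bootstrap code
SIGNATURE_OFF = 510        # bytes 510..511 must be 0x55 0xAA


def build_sample_mbr() -> bytes:
    """Constructed clean MBR: filler bootstrap code plus one active NTFS partition."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count.
    # 0x80 = bootable, 0x07 = NTFS; CHS fields are left zero as LBA-only tools do.
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 4_194_304)
    table = entry + b"\0" * 48  # three empty entries
    return boot_code + table + b"\x55\xaa"


SAMPLE_MBR = build_sample_mbr()

# Constructed baseline.  In practice this set holds SHA-1 values taken from clean
# reference images of the OS releases in use; here it is seeded from the sample.
KNOWN_GOOD_BOOT_CODE_SHA1 = {hashlib.sha1(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest().upper()}


def parse_partitions(mbr: bytes) -> list:
    """Decode the classic partition table; empty entries (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def inspect_mbr(mbr: bytes, allowlist=KNOWN_GOOD_BOOT_CODE_SHA1) -> dict:
    """Return signature state, partitions, hashes and a list of findings."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    findings = []
    signature_ok = mbr[SIGNATURE_OFF:] == b"\x55\xaa"
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    boot_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    if boot_sha1 not in allowlist:
        findings.append("bootstrap code hash not in known-good baseline")
    partitions = parse_partitions(mbr)
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in partitions:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    # Overlapping entries point at a tampered or corrupt table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in partitions)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("overlapping partition entries")
            break
    return {
        "signature_ok": signature_ok,
        "boot_code_sha1": boot_sha1,
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
        "findings": findings,
    }


def tamper_boot_code(mbr: bytes) -> bytes:
    """Constructed simulation of a bootkit overwriting part of the bootstrap region."""
    patched = bytearray(mbr)
    patched[0x20:0x30] = b"\xe9\x00\x00" + b"\x00" * 13  # a jump where filler used to be
    return bytes(patched)


if __name__ == "__main__":
    for label, image in (("clean", SAMPLE_MBR), ("tampered", tamper_boot_code(SAMPLE_MBR))):
        report = inspect_mbr(image)
        print(label, report["boot_code_sha1"], report["findings"] or "no findings")
```

On a live Windows system the 512 bytes would be read from the start of the physical disk; the hash of the bootstrap region is what should be compared against a clean reference, since the partition table legitimately differs from machine to machine.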
     
  5. across151

    across151 TS Rookie Topic Starter Posts: 23

    Redirect issue's gone, thank you.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite A305
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 166):

    Processes (total 55):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG1, Rev: 0040020C

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!



    ComboFix 10-12-08.04 - Default 12/09/2010 23:35:29.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1972 [GMT -5:00]
    Running from: c:\users\Default.Default-PC\Downloads\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}
    c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome\content\overlay.xul
    c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\install.rdf
    c:\users\Default.Default-PC\AppData\Roaming\Adobe\AdobeUpdate .exe
    c:\users\Default.Default-PC\AppData\Roaming\Adobe\plugs
    c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Recent\Half-Life 2.url
    c:\windows\system32\11478.exe
    c:\windows\system32\15724.exe
    c:\windows\system32\18467.exe
    c:\windows\system32\19169.exe
    c:\windows\system32\24464.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\26962.exe
    c:\windows\system32\29358.exe
    c:\windows\system32\5705.exe
    c:\windows\system32\6334.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy__VOIDXXQIUVICII
    -------\Service__VOIDxxqiuvicii
    -------\Service_Ias


    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-10 04:41 . 2010-12-10 04:44 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
    2010-12-10 04:41 . 2010-12-10 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-10 01:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EB5788-6C0C-4149-9951-E4371AF75F55}\mpengine.dll
    2010-12-09 00:37 . 2010-12-09 00:37 -------- d-----w- c:\users\Default.Default-PC\DoctorWeb
    2010-12-08 22:27 . 2010-12-08 22:27 48640 ---ha-w- c:\windows\system32\cselntui.dll
    2010-12-08 20:57 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 20:57 . 2010-12-08 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-08 20:57 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-08 20:15 . 2010-12-08 20:15 0 ----a-w- c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
    2010-11-24 13:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-23 23:28 . 2010-11-23 23:28 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\FalloutNV
    2010-11-17 23:09 . 2010-11-17 23:09 -------- d-----w- c:\program files\iPod
    2010-11-17 23:08 . 2010-11-17 23:11 -------- d-----w- c:\program files\iTunes
    2010-11-10 21:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-08 20:54 . 2010-04-03 04:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-12-04 19:12 . 2009-06-11 02:50 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-12-04 19:12 . 2009-06-11 04:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2010-12-03 01:44 . 2009-06-11 02:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-11-17 22:05 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-11-17 22:05 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-10-26 02:06 . 2009-08-29 20:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-10-19 15:41 . 2009-10-21 15:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2010-09-28 20:44 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-13 13:56 . 2010-10-13 23:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QiGO Discovery Agent.lnk]
    path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk
    backup=c:\windows\pss\QiGO Discovery Agent.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-26 18:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2007-01-10 05:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-02-14 19:08 184320 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2006-12-11 15:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-02-13 02:51 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
    2006-11-21 16:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
    2006-12-11 15:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
    2007-12-14 03:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-09-19 19:41 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-09-28 21:55 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2007-09-06 13824]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
    R3 SQTECH9051;DB VGA Cam;c:\windows\system32\Drivers\Capt9051.sys [2008-02-14 41216]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090625.001\IDSvix86.sys [2009-05-28 272432]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSConfigStartUp-diledevibe - zosusewa.dll
    MSConfigStartUp-Google Update - c:\users\Default.Default-PC\AppData\Local\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    MSConfigStartUp-mplay32xe - c:\users\DEFAUL~1.DEF\AppData\Local\Temp\mplay32xe.exe
    MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
    MSConfigStartUp-Your Protection - c:\program files\Your Protection\urpprot.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Default.Default-PC\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 23:45
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ae,25,c7,8c,59,96,dd,88,07,c6,19,a9,2d,cf,2c,1f,04,e9,8e,c1,55,ca,90,
    57,27,c0,b9,0c,65,ea,ff,54,3a,0a,90,50,16,aa,74,18,cf,7a,a5,b1,09,93,78,31,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\License information*]
    "datasecu"=hex:bb,7b,ee,7b,57,36,b1,ad,8a,c5,df,d0,93,69,0f,82,2e,76,01,74,a4,
    7c,a5,1f,13,5d,45,47,65,7c,6f,24,e5,e6,b8,39,52,a2,ef,f7,8d,33,2f,97,78,ca,\
    "rkeysecu"=hex:74,26,ca,e4,f6,4d,93,0c,35,af,4d,7d,3f,b8,04,28

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Toshiba\Power Saver\TPwrMain.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hitman Pro 3.5\djfkdjsf.exe
    c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-12-09 23:50:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-10 04:50

    Pre-Run: 39,916,163,072 bytes free
    Post-Run: 39,531,044,864 bytes free

    - - End Of File - - C35005661DC385B47EA5AB4B14F2EB45
     
  6. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Good news :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
    :\windows\system32\DRIVERS\epfwwfp.sys
    
    
    Folder::
    c:\program files\ESET
    
    
    Driver::
    ekrn
    epfwwfp
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
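
As an added example (not code from this thread, from ComboFix or from TechSpot), the script below triages the kind of ComboFix log posted above and pulls out the findings the CFScript in this post is acting on: Security Center keys with "DisableMonitoring" set to 1, "EnableLUA"=0 (UAC switched off, as the later log shows), and orphaned autostart entries that ran from a Temp directory or as a bare file name with no path. It then emits the Registry:: stanza in the same `"name"=-` delete syntax the CFScript uses. The sample log is a constructed excerpt modelled on the lines in this thread, not a verbatim copy, and every function name is this example's own.

```python
"""Triage a ComboFix log for the findings a CFScript would act on.
Added example for this thread, not ComboFix code; all names are this example's own."""
import re

REG_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MONITORING_KEY = re.compile(r"\\security center\\monitoring", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
ORPHAN_LINE = re.compile(r"^(MSConfigStartUp|HKLM-Run|HKCU-Run)-(.+?) - (.+)$")

# Constructed excerpt modelled on the log lines posted in this thread (not verbatim).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-diledevibe - zosusewa.dll
MSConfigStartUp-mplay32xe - c:\users\DEFAUL~1.DEF\AppData\Local\Temp\mplay32xe.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"""

def parse_reg_blocks(log_text):
    """Map each [HKEY_...] header to its value lines; a blank line closes a block."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = REG_HEADER.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks

def monitoring_disabled_keys(blocks):
    """Security Center keys with DisableMonitoring != 0.  Rogue AV droppers set
    this so Security Center stops warning that the real AV/firewall is off."""
    hits = []
    for key, values in blocks.items():
        if MONITORING_KEY.search(key):
            for v in values:
                if (v.lower().startswith('"disablemonitoring"=dword:')
                        and int(v.split(":")[-1], 16) != 0):
                    hits.append(key)
    return hits

def uac_disabled(blocks):
    """True when EnableLUA is 0 under policies\\system (UAC turned off)."""
    for key, values in blocks.items():
        if key.lower().endswith("\\policies\\system"):
            for v in values:
                name, _, rest = v.partition("=")
                if name.strip('"').lower() == "enablelua" and rest.strip().startswith("0"):
                    return True
    return False

def suspicious_orphans(log_text):
    """Orphaned autostarts to review: target inside a Temp directory, or a bare
    file name with no directory (PATH-resolved, how dropped DLLs get loaded)."""
    flagged = []
    for raw in log_text.splitlines():
        m = ORPHAN_LINE.match(raw.strip())
        if not m:
            continue
        name, target = m.group(2), m.group(3)
        if TEMP_DIR.search(target):
            flagged.append((name, target, "runs from Temp"))
        elif "\\" not in target:
            flagged.append((name, target, "bare file name, PATH-resolved"))
    return flagged

def cfscript_registry_stanza(keys, value_name="DisableMonitoring"):
    """Registry:: stanza deleting value_name from each key; '"name"=-' is the
    REGEDIT4 delete-value idiom the CFScript in this thread uses."""
    lines = ["Registry::"]
    for key in keys:
        lines += ["[%s]" % key, '"%s"=-' % value_name]
    return "\n".join(lines) + "\n"

def triage(log_text):
    blocks = parse_reg_blocks(log_text)
    return {"monitoring_disabled": monitoring_disabled_keys(blocks),
            "uac_disabled": uac_disabled(blocks),
            "orphans": suspicious_orphans(log_text)}

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r)
    print(cfscript_registry_stanza(r["monitoring_disabled"]))
```

The orphan rules only produce candidates: a bare file name is also how some OEM utilities register themselves, so each hit still needs a look at the file itself before it goes into a File:: or Registry:: stanza. The DisableMonitoring and EnableLUA checks are firmer, since neither value belongs on a clean machine with its own AV and UAC in use.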
     
  7. across151

    across151 TS Rookie Topic Starter Posts: 23

    ComboFix deleted my antivirus, should I reinstall or just leave it?







    ComboFix 10-12-09.04 - Default 12/10/2010 16:18:54.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1954 [GMT -5:00]
    Running from: c:\users\Default.Default-PC\Downloads\ComboFix.exe
    Command switches used :: c:\users\Default.Default-PC\Downloads\CFScript.txt
    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat
    c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf
    c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys
    c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat
    c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf
    c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys
    c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat
    c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf
    c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys
    c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf
    c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat
    c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf
    c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys
    c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat
    c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf
    c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys
    c:\program files\ESET\ESET Smart Security\mod_comp.dat
    c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest
    c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
    c:\program files\ESET . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\callmsi.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\DMON.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ecls.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ecmd.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eeclnt.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\egui.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiAmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiDmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiEmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiEpfw.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiMailPlugins.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiProduct.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiScan.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiSmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eguiUpdate.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\EHttpSrv.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrn.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnAmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnDmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnEmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnEpfw.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnMailPlugins.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnScan.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnSmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnSmonEngine.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\ekrnUpdate.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em000_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em001_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em002_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em003_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em004_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em005_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em006_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em008_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em009_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em010_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\em013_32.dat . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgHooks.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOE.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOEEmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOESmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOutlook.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOutlookEmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgOutlookSmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgTbEmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eplgTbSmon.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eset.chm . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\eula.rtf . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\http_dll.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\mfc80.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\mfc80u.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Microsoft.VC80.CRT.manifest . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFC.manifest . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFCLOC.manifest . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\eplgTb.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\eplgTb.xpt . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\install.rdf . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\msvcp80.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\msvcr80.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\PPESET.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\PPEset.inf . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\shellExt.dll . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\SysInspector.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\SysRescue.exe . . . . Failed to delete
    c:\program files\ESET\ESET Smart Security\updater.dll . . . . Failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWWFP
    -------\Service_ekrn
    -------\Service_epfwwfp
    -------\Service_monitor
    -------\Service_EhttpSrv
    -------\Service_EhttpSrv


    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-10 21:25 . 2010-12-10 21:29 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
    2010-12-10 01:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EB5788-6C0C-4149-9951-E4371AF75F55}\mpengine.dll
    2010-12-09 00:37 . 2010-12-09 00:37 -------- d-----w- c:\users\Default.Default-PC\DoctorWeb
    2010-12-08 22:27 . 2010-12-08 22:27 48640 ---ha-w- c:\windows\system32\cselntui.dll
    2010-12-08 20:57 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 20:57 . 2010-12-08 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-08 20:57 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-24 13:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-23 23:28 . 2010-11-23 23:28 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\FalloutNV
    2010-11-17 23:09 . 2010-11-17 23:09 -------- d-----w- c:\program files\iPod
    2010-11-17 23:08 . 2010-11-17 23:11 -------- d-----w- c:\program files\iTunes
    2010-11-10 21:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-10 21:11 . 2010-04-03 04:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-12-04 19:12 . 2009-06-11 02:50 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-12-04 19:12 . 2009-06-11 04:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2010-12-03 01:44 . 2009-06-11 02:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-11-17 22:05 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-11-17 22:05 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-10-26 02:06 . 2009-08-29 20:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-10-19 15:41 . 2009-10-21 15:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2010-09-28 20:44 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-13 13:56 . 2010-10-13 23:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-12-10 2021400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QiGO Discovery Agent.lnk]
    path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk
    backup=c:\windows\pss\QiGO Discovery Agent.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-26 18:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2007-01-10 05:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-02-14 19:08 184320 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2006-12-11 15:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-02-13 02:51 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
    2006-11-21 16:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
    2006-12-11 15:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
    2007-12-14 03:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-09-19 19:41 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-09-28 21:55 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2007-09-06 13824]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
    R3 SQTECH9051;DB VGA Cam;c:\windows\system32\Drivers\Capt9051.sys [2008-02-14 41216]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090625.001\IDSvix86.sys [2009-05-28 272432]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-10 16:29
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ae,25,c7,8c,59,96,dd,88,07,c6,19,a9,2d,cf,2c,1f,04,e9,8e,c1,55,ca,90,
    57,27,c0,b9,0c,65,ea,ff,54,3a,0a,90,50,16,aa,74,18,cf,7a,a5,b1,09,93,78,31,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\License information*]
    "datasecu"=hex:bb,7b,ee,7b,57,36,b1,ad,8a,c5,df,d0,93,69,0f,82,2e,76,01,74,a4,
    7c,a5,1f,13,5d,45,47,65,7c,6f,24,e5,e6,b8,39,52,a2,ef,f7,8d,33,2f,97,78,ca,\
    "rkeysecu"=hex:74,26,ca,e4,f6,4d,93,0c,35,af,4d,7d,3f,b8,04,28

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
    c:\windows\system32\WerCon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-10 16:34:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-10 21:34
    ComboFix2.txt 2010-12-10 04:50

    Pre-Run: 39,466,622,976 bytes free
    Post-Run: 39,344,390,144 bytes free

    - - End Of File - - 61BCFF3C458072DD214A5FAFAC892C4E
     
  8. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    That would be my fault, I guess.
    I assumed Norton was your AV program.
    If it's Eset, please reinstall it and run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
    I apologize for my mistake :)

    Combofix log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
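    The OTL.txt this post asks for is read by eye, and the first things a reviewer looks for in its SafeList sections are service or driver registrations whose binary no longer exists on disk (leftovers of an uninstall or a cleanup, which is what a half-removed security product looks like) and entries whose company field is empty. The following Python script is an added example for that triage step; it is not OTL's code, nor anything posted in this thread, and the log lines it parses are constructed to match OTL's output format rather than copied from a real machine.

```python
"""Triage helper for the 'SRV -' and 'DRV -' lines of an OTL.txt log.

Flags the two things a log reader usually checks first:
  * entries whose binary is gone from disk ("File not found"): orphaned
    registrations left behind by an uninstall or a cleanup, and
  * entries with an empty company field, i.e. a binary carrying no version
    information, which deserves a manual look (many are legitimate, but the
    field is a cheap first filter).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A SafeList line with file metadata, in the shape OTL prints:
# SRV - [date time | size | attrs | M] (Company) [Start | Status] -- path -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
# A SafeList line for a registration whose file is missing on disk
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)


@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (driver)
    name: str                 # service/driver name as registered
    path: str                 # binary path OTL resolved
    state: str                # start type and status, e.g. "Auto | Running"
    company: Optional[str]    # None when the file is missing
    missing: bool


def parse_otl_lines(lines) -> List[Entry]:
    """Parse SRV/DRV lines; headers, blanks and other line types are skipped."""
    entries: List[Entry] = []
    for raw in lines:
        line = raw.strip()
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["path"], m["state"], None, True))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["path"], m["state"],
                                 m["company"].strip(), False))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries into the findings a reviewer acts on."""
    findings: Dict[str, List[str]] = {
        "orphaned": [],              # registered, but binary missing on disk
        "no_publisher": [],          # binary present, company field empty
        "no_publisher_running": [],  # subset of the above that is loaded right now
    }
    for e in entries:
        if e.missing:
            findings["orphaned"].append(e.name)
        elif not e.company:
            findings["no_publisher"].append(e.name)
            if "Running" in e.state:
                findings["no_publisher_running"].append(e.name)
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    return triage(parse_otl_lines(text.splitlines()))


# Constructed sample modelled on OTL's output format (not taken from any real log).
SAMPLE_LOG = """\
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\\Windows\\System32\\example1.dll -- (ExampleSvc1)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Example Vendor) [Auto | Running] -- C:\\Program Files\\Example\\svc.exe -- (ExampleSvc2)
SRV - [2009/06/11 02:27:33 | 001,251,720 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files\\Example\\nover.exe -- (NoVersionSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Users\\EXAMPLE\\AppData\\Local\\Temp\\scanner.sys -- (scanner)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\Drivers\\example.sys -- (example)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Example Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\nic.sys -- (nic) Example(R)
"""

if __name__ == "__main__":
    for category, names in triage_log(SAMPLE_LOG).items():
        print(f"{category}: {names}")
```

    Run it as a script to see the three lists, or call triage_log() on the text of a saved OTL.txt. An orphaned entry is a cleanup item rather than proof of infection, and an empty company field is a prompt to check the file itself, not a verdict.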
  9. across151

    across151 TS Rookie Topic Starter Posts: 23

    OK, now I can't download anything. I tried downloading OTL over Firefox and IE; it didn't appear where it was supposed to be saved. When I checked the download history in Firefox, it appeared to be downloaded, but when I right-clicked the file to open it, the options were greyed out.

    Also, I can't reinstall my antivirus because ComboFix didn't delete everything in the ESET folder; whenever I try to reinstall, it gives an error saying I need permission to delete the files even though my account is an administrator.
    (screenshot)
     
  10. Broni

    Broni Malware Annihilator Posts: 46,865   +254

  11. across151

    across151 TS Rookie Topic Starter Posts: 23

    Same result as when I tried to download OTL: it wasn't where it was supposed to be saved. I tried to download it from Internet Explorer too and clicked the "run" option, but still nothing. I tried to use Search, but the files weren't found.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Download needed files on another working computer and move them to THIS computer using USB flash drive.
     
  13. across151

    across151 TS Rookie Topic Starter Posts: 23

    The ESET removal tool did not work: an error box popped up and nothing happened. OTL worked, though. Extras.txt didn't pop up.
    Error box:
    (screenshot)
    I clicked Yes because 'No' didn't seem to do anything. This appeared afterwards:
    (screenshot)


    OTL Log Part 1

    OTL logfile created on: 12/12/2010 6:01:04 PM - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.26 Gb Total Space | 30.38 Gb Free Space | 10.47% Space Free | Partition Type: NTFS

    Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/11 02:27:33 | 001,251,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
    SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2007/01/12 22:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
    SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090702.005\NAVEX15.SYS -- (NAVEX15)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090702.005\NAVENG.SYS -- (NAVENG)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/06/11 02:29:41 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/05/27 23:13:24 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090625.001\IDSvix86.sys -- (IDSvix86)
    DRV - [2009/05/13 08:23:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
    DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/09 17:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/01/09 17:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2007/01/09 17:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2007/01/09 17:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2007/01/09 17:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/01/09 17:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/11 10:53:41 | 000,000,000 | ---D | M]

    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
    [2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/12/12 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
    [2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/21 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
    [2010/12/12 18:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/12 11:12:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.I420 - msh263.drv File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
    [2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/10 16:15:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/09 23:34:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
    [2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
    [2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
    [2010/11/17 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/17 18:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
    [2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
    [2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
    [2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
    [2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
    [2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
    [2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
    [2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
    [2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
    [2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
    [2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/12 17:54:20 | 000,015,716 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\lel.jpg
    [2010/12/12 17:53:57 | 000,010,052 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\lelel.jpg
    [2010/12/12 17:30:32 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/12 17:30:32 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
    [2010/12/12 16:06:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/12 16:06:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/12 15:10:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/12 14:41:05 | 000,151,140 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
    [2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/12/09 22:46:14 | 000,049,664 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 17:27:23 | 000,048,640 | -H-- | M] () -- C:\Windows\System32\cselntui.dll
    [2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/17 18:11:58 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/16 20:46:48 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/11/12 19:37:04 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/12 17:54:20 | 000,015,716 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\lel.jpg
    [2010/12/12 17:53:57 | 000,010,052 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\lelel.jpg
    [2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/11 10:20:28 | 000,151,140 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
    [2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/08 17:27:23 | 000,048,640 | -H-- | C] () -- C:\Windows\System32\cselntui.dll
    [2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
    [2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
    [2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
    [2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
    [2010/11/17 18:11:58 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/16 20:46:48 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
    [2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
    [2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
    [2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
    [2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
    [2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/06/10 18:22:01 | 000,049,664 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
    [2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
    [2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
    [2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
     
  14. across151

    across151 TS Rookie Topic Starter Posts: 23

    OTL Log Part 2


    ========== LOP Check ==========

    [2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
    [2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
    [2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
    [2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
    [2009/06/10 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
    [2010/12/10 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
    [2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
    [2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
    [2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
    [2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
    [2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
    [2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
    [2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
    [2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
    [2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
    [2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
    [2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
    [2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
    [2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
    [2010/12/11 10:54:15 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/12 20:37:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/12/10 16:34:58 | 000,025,151 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/01/08 15:54:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/20 13:45:42 | 000,009,772 | ---- | M] () -- C:\lxcr.log
    [2010/01/08 15:54:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/12 14:05:49 | 3532,713,984 | -HS- | M] () -- C:\pagefile.sys
    [2009/06/11 03:58:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/06/11 17:49:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/06/11 18:11:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/06/26 18:56:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/06/26 22:08:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/06/27 14:29:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/06/27 15:01:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/07/12 22:15:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/07/13 02:13:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/07/13 15:16:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/07/13 22:59:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/07/14 06:57:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/06/11 03:58:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/06/11 17:49:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/06/11 18:11:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/06/26 18:56:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/06/26 22:08:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/06/27 14:29:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/06/27 15:01:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/07/12 22:15:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/07/13 02:13:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/07/13 15:16:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/07/13 22:59:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/07/14 06:57:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/12/09 15:47:53 | 000,069,304 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_09.12.2010_15.46.52_log.txt
    [2010/05/14 15:00:06 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt
    [2010/10/19 15:35:04 | 000,224,113 | ---- | M] () -- C:\Windows6.0-KB934374-x86.msu

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/05/30 09:41:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/08/12 09:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
    [2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/11/27 01:50:22 | 000,117,760 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxcrpp5c.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/02/12 20:37:43 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/02/12 20:37:38 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/02/12 20:37:43 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/02/12 20:37:50 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/02/12 20:37:52 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/23 15:10:47 | 000,000,286 | -HS- | M] () -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
    [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/08 19:03:42 | 000,000,307 | ---- | M] () -- C:\Users\Default.Default-PC\Favorites\Computer - Shortcut.lnk
    [2009/06/08 16:52:17 | 000,000,402 | -HS- | M] () -- C:\Users\Default.Default-PC\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/04 17:47:07 | 000,000,358 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/06/22 12:42:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    First let's see if we can reverse the changes made by ComboFix to restore your Eset....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\mod_comp.dat.vir
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest.vir
    QUIT::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt


    Make sure you restart the computer and see if Eset will work.
     
  16. across151

    across151 TS Rookie Topic Starter Posts: 23

    Restarted after ComboFix, but ESET still doesn't work. Combofix.txt did not appear; only DeQuarantine.txt appeared, and here's what it said:


    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat ( 7225 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf ( 1523 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys ( 113448 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat ( 7225 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf ( 1483 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys ( 106208 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat ( 7225 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf ( 1493 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys ( 130952 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf ( 1461 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat ( 7515 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf ( 3421 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys ( 33096 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat ( 7225 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf ( 1506 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys ( 38240 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\mod_comp.dat.vir -> c:\program files\ESET\ESET Smart Security\mod_comp.dat ( 225 bytes )
    C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest.vir -> c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest ( 29 bytes )
     
  17. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Let's see if anything else important has been removed....

    Please, navigate to:
    C:\Qoobox
    Open ComboFix-quarantined-files.txt in Notepad, copy everything, and paste it into your next reply.
     
  18. across151

    across151 TS Rookie Topic Starter Posts: 23

    There's no ComboFix-quarantined-files.txt in C:\Qoobox; the only things there are these.
    [IMG]
     
  19. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Weird.
    Check "Quarantine" folder.

    or...

    * Click on Start, then Run.
    * Copy and Paste the bold text below into the Run Box:


    cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


    * Then click on OK.
    * A Text File will open up; please Copy and Paste the contents into your next reply.
     
  20. across151

    across151 TS Rookie Topic Starter Posts: 23

    Volume in drive C is SQ004710V01
    Volume Serial Number is 7813-5D2F

    Directory of C:\QooBox

    12/12/2010 07:19 PM <DIR> .
    12/12/2010 07:19 PM <DIR> ..
    12/10/2010 04:34 PM 8,330 Add-Remove Programs.txt
    12/12/2010 07:18 PM <DIR> BackEnv
    12/10/2010 04:14 PM 493 CFScript_used_2010-12-10_16.18.02.txt
    12/12/2010 07:15 PM 1,691 CFScript_used_2010-12-12_19.19.18.txt
    12/10/2010 04:34 PM 25,151 ComboFix2.txt
    12/09/2010 11:50 PM 20,817 ComboFix3.txt
    12/12/2010 07:16 PM <DIR> LastRun
    12/10/2010 04:18 PM <DIR> Quarantine
    12/10/2010 04:33 PM 0 SnapShot@2010-12-10_21.29.08.dat
    12/12/2010 07:16 PM <DIR> Test
    12/12/2010 07:16 PM <DIR> TestC
    6 File(s) 56,482 bytes

    Directory of C:\QooBox\BackEnv

    12/12/2010 07:18 PM <DIR> .
    12/12/2010 07:18 PM <DIR> ..
    12/12/2010 07:18 PM 136 AppData.folder.dat
    12/12/2010 07:18 PM 241 Cache.folder.dat
    12/12/2010 07:18 PM 73 Cookies.folder.dat
    12/12/2010 07:18 PM 94 Desktop.folder.dat
    12/12/2010 07:18 PM 134 Favorites.folder.dat
    12/12/2010 07:18 PM 71 History.folder.dat
    12/12/2010 07:18 PM 112 LocalAppData.folder.dat
    12/12/2010 07:18 PM 112 LocalSettings.folder.dat
    12/12/2010 07:18 PM 62 Music.folder.dat
    12/12/2010 07:18 PM 83 NetHood.folder.dat
    12/12/2010 07:18 PM 100 Personal.folder.dat
    12/12/2010 07:18 PM 97 Pictures.folder.dat
    12/12/2010 07:18 PM 83 PrintHood.folder.dat
    12/12/2010 07:18 PM 190 Profiles.Folder.dat
    12/12/2010 07:18 PM 269 Profiles.Folder.folder.dat
    12/12/2010 07:18 PM 370 Programs.folder.dat
    12/12/2010 07:18 PM 72 Recent.folder.dat
    12/12/2010 07:18 PM 72 SendTo.folder.dat
    12/12/2010 07:18 PM 5,330 SetPath.bat
    12/12/2010 07:18 PM 252 StartMenu.folder.dat
    12/12/2010 07:18 PM 410 StartUp.folder.dat
    12/12/2010 07:18 PM 829 SysPath.dat
    12/12/2010 07:18 PM 248 Templates.folder.dat
    12/12/2010 07:18 PM 2,160 VikPev00
    24 File(s) 11,600 bytes

    Directory of C:\QooBox\LastRun

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine

    12/10/2010 04:18 PM <DIR> .
    12/10/2010 04:18 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> C
    12/12/2010 07:19 PM 35,424 catchme.log
    12/12/2010 07:19 PM 0 catchme.txt
    12/10/2010 04:33 PM <DIR> Registry_backups
    2 File(s) 35,424 bytes

    Directory of C:\QooBox\Quarantine\C

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> Program Files
    12/09/2010 11:41 PM <DIR> Users
    12/09/2010 11:41 PM <DIR> Windows
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> ESET
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:29 PM <DIR> ESET Smart Security
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security

    12/10/2010 04:29 PM <DIR> .
    12/10/2010 04:29 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> Drivers
    01/27/2010 06:27 PM 225 mod_comp.dat.vir
    12/10/2010 04:28 PM <DIR> Mozilla Thunderbird
    12/10/2010 04:27 PM 61,213 _callmsi_.exe.zip
    12/10/2010 04:27 PM 137,800 _DMON_.dll.zip
    12/10/2010 04:27 PM 240,023 _ecls_.exe.zip
    12/10/2010 04:27 PM 43,526 _ecmd_.exe.zip
    12/10/2010 04:27 PM 47,618 _eeclnt_.exe.zip
    12/10/2010 04:27 PM 111,431 _eguiAmon_.dll.zip
    12/10/2010 04:27 PM 83,067 _eguiDmon_.dll.zip
    12/10/2010 04:27 PM 87,613 _eguiEmon_.dll.zip
    12/10/2010 04:27 PM 694,581 _eguiEpfw_.dll.zip
    12/10/2010 04:27 PM 82,300 _eguiMailPlugins_.dll.zip
    12/10/2010 04:27 PM 593,443 _eguiProduct_.dll.zip
    12/10/2010 04:27 PM 268,818 _eguiScan_.dll.zip
    12/10/2010 04:27 PM 147,130 _eguiSmon_.dll.zip
    12/10/2010 04:27 PM 205,187 _eguiUpdate_.dll.zip
    12/10/2010 04:27 PM 1,930,800 _egui_.exe.zip
    12/10/2010 04:27 PM 21,495 _EHttpSrv_.exe.zip
    12/10/2010 04:27 PM 136,213 _ekrnAmon_.dll.zip
    12/10/2010 04:27 PM 91,207 _ekrnDmon_.dll.zip
    12/10/2010 04:27 PM 92,475 _ekrnEmon_.dll.zip
    12/10/2010 04:27 PM 388,715 _ekrnEpfw_.dll.zip
    12/10/2010 04:27 PM 93,298 _ekrnMailPlugins_.dll.zip
    12/10/2010 04:27 PM 145,993 _ekrnScan_.dll.zip
    12/10/2010 04:27 PM 4,810,473 _ekrnSmonEngine_.dll.zip
    12/10/2010 04:27 PM 200,185 _ekrnSmon_.dll.zip
    12/10/2010 04:27 PM 141,693 _ekrnUpdate_.dll.zip
    12/10/2010 04:27 PM 671,136 _ekrn_.exe.zip
    12/10/2010 04:27 PM 97,454 _em000_32_.dat.zip
    12/10/2010 04:27 PM 834,652 _em001_32_.dat.zip
    12/10/2010 04:27 PM 56,272,608 _em002_32_.dat.zip
    12/10/2010 04:28 PM 917,794 _em003_32_.dat.zip
    12/10/2010 04:28 PM 927,722 _em004_32_.dat.zip
    12/10/2010 04:28 PM 100,612 _em005_32_.dat.zip
    12/10/2010 04:28 PM 147,386 _em006_32_.dat.zip
    12/10/2010 04:28 PM 444,844 _em008_32_.dat.zip
    12/10/2010 04:28 PM 2,049,356 _em009_32_.dat.zip
    12/10/2010 04:28 PM 356,072 _em010_32_.dat.zip
    12/10/2010 04:28 PM 76,216 _em013_32_.dat.zip
    12/10/2010 04:28 PM 12,993 _eplgHooks_.dll.zip
    12/10/2010 04:28 PM 193,056 _eplgOEEmon_.dll.zip
    12/10/2010 04:28 PM 260,444 _eplgOESmon_.dll.zip
    12/10/2010 04:28 PM 348,307 _eplgOE_.dll.zip
    12/10/2010 04:28 PM 156,631 _eplgOutlookEmon_.dll.zip
    12/10/2010 04:28 PM 296,508 _eplgOutlookSmon_.dll.zip
    12/10/2010 04:28 PM 263,918 _eplgOutlook_.dll.zip
    12/10/2010 04:28 PM 197,420 _eplgTbEmon_.dll.zip
    12/10/2010 04:28 PM 280,434 _eplgTbSmon_.dll.zip
    12/10/2010 04:28 PM 9,034,692 _eset_.chm.zip
    12/10/2010 04:28 PM 16,214 _eula_.rtf.zip
    12/10/2010 04:28 PM 70,296 _http_dll_.dll.zip
    12/10/2010 04:28 PM 1,033,260 _mfc80u_.dll.zip
    12/10/2010 04:28 PM 1,035,879 _mfc80_.dll.zip
    12/10/2010 04:25 PM 750 _Microsoft.VC80.CRT_.manifest.zip
    12/10/2010 04:25 PM 754 _Microsoft.VC80.MFCLOC_.manifest.zip
    12/10/2010 04:25 PM 808 _Microsoft.VC80.MFC_.manifest.zip
    12/10/2010 04:28 PM 297,748 _msvcp80_.dll.zip
    12/10/2010 04:28 PM 636,322 _msvcr80_.dll.zip
    12/10/2010 04:28 PM 226,076 _PPESET_.dll.zip
    12/10/2010 04:28 PM 854 _PPEset_.inf.zip
    12/10/2010 04:28 PM 177,593 _shellExt_.dll.zip
    12/10/2010 04:29 PM 707,606 _SysInspector_.exe.zip
    12/10/2010 04:29 PM 1,013,973 _SysRescue_.exe.zip
    12/10/2010 04:29 PM 210,283 _updater_.dll.zip
    63 File(s) 90,225,193 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> eamon
    12/10/2010 04:24 PM <DIR> ehdrv
    12/10/2010 04:24 PM <DIR> epfw
    12/10/2010 04:24 PM <DIR> epfwndis
    12/10/2010 04:24 PM <DIR> epfwwfp
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:19 PM 7,225 eamon.cat.vir
    02/06/2009 02:19 PM 1,523 eamon.inf.vir
    02/06/2009 02:19 PM 113,448 eamon.sys.vir
    3 File(s) 122,196 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:23 PM 7,225 ehdrv.cat.vir
    02/06/2009 02:19 PM 1,483 ehdrv.inf.vir
    02/06/2009 02:23 PM 106,208 ehdrv.sys.vir
    3 File(s) 114,916 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,225 epfw.cat.vir
    02/06/2009 02:19 PM 1,493 epfw.inf.vir
    02/06/2009 02:24 PM 130,952 epfw.sys.vir
    3 File(s) 139,670 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,515 epfwndis.cat.vir
    02/06/2009 02:19 PM 3,421 epfwndis.inf.vir
    02/06/2009 02:24 PM 33,096 epfwndis.sys.vir
    02/06/2009 02:19 PM 1,461 epfwnd_m.inf.vir
    4 File(s) 45,493 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,225 epfwwfp.cat.vir
    02/06/2009 02:19 PM 1,506 EpfwWfp.inf.vir
    02/06/2009 02:24 PM 38,240 EpfwWfp.sys.vir
    3 File(s) 46,971 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    12/10/2010 04:28 PM <DIR> .
    12/10/2010 04:28 PM <DIR> ..
    07/11/2008 12:07 PM 29 chrome.manifest.vir
    12/10/2010 04:28 PM <DIR> Components
    12/10/2010 04:28 PM 924 _install_.rdf.zip
    2 File(s) 953 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components

    12/10/2010 04:28 PM <DIR> .
    12/10/2010 04:28 PM <DIR> ..
    12/10/2010 04:28 PM 310,231 _eplgTb_.dll.zip
    12/10/2010 04:28 PM 1,162 _eplgTb_.xpt.zip
    2 File(s) 311,393 bytes

    Directory of C:\QooBox\Quarantine\C\Users

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Default.Default-PC
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> AppData
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/10/2010 04:25 PM <DIR> Local
    12/09/2010 11:41 PM <DIR> Roaming
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local

    12/10/2010 04:25 PM <DIR> .
    12/10/2010 04:25 PM <DIR> ..
    12/08/2010 03:15 PM 0 Bcizusevihe.bin.vir
    12/09/2010 11:41 PM <DIR> {3BAD1186-0B92-489D-A9A2-81E73CD607BC}
    1 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> chrome
    12/08/2010 03:15 PM 764 install.rdf.vir
    1 File(s) 764 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> content
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome\content

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/08/2010 03:15 PM 5,954 overlay.xul.vir
    1 File(s) 5,954 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Adobe
    12/09/2010 11:41 PM <DIR> Microsoft
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Adobe

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    03/08/2009 06:31 AM 45,568 AdobeUpdate .exe.vir
    1 File(s) 45,568 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Windows
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Recent
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Recent

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    06/15/2010 06:41 PM 213 Half-Life 2.url.vir
    1 File(s) 213 bytes

    Directory of C:\QooBox\Quarantine\C\Windows

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> System32
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Windows\System32

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    01/08/2010 05:54 PM 2,344 11478.exe.vir
    01/08/2010 05:34 PM 2,344 15724.exe.vir
    01/08/2010 04:14 PM 2,344 18467.exe.vir
    01/08/2010 05:14 PM 2,344 19169.exe.vir
    01/08/2010 06:55 PM 2,344 24464.exe.vir
    01/08/2010 04:54 PM 2,344 26500.exe.vir
    01/08/2010 06:35 PM 2,344 26962.exe.vir
    01/08/2010 06:15 PM 2,344 29358.exe.vir
    01/08/2010 07:15 PM 2,344 5705.exe.vir
    01/08/2010 04:34 PM 2,344 6334.exe.vir
    10 File(s) 23,440 bytes

    Directory of C:\QooBox\Quarantine\Registry_backups

    12/10/2010 04:33 PM <DIR> .
    12/10/2010 04:33 PM <DIR> ..
    12/09/2010 11:49 PM 748 AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
    12/09/2010 11:49 PM 160 HKLM-Run-HSON.reg.dat
    12/09/2010 11:49 PM 161 HKLM-Run-TPwrMain.reg.dat
    12/10/2010 04:23 PM 1,088 Legacy_EPFWWFP.reg.dat
    12/09/2010 11:40 PM 1,114 Legacy__VOIDXXQIUVICII.reg.dat
    12/09/2010 11:49 PM 892 MSConfigStartUp-00TCrdMain.reg.dat
    12/09/2010 11:49 PM 856 MSConfigStartUp-diledevibe.reg.dat
    12/09/2010 11:49 PM 978 MSConfigStartUp-Google Update.reg.dat
    12/09/2010 11:49 PM 924 MSConfigStartUp-ITSecMng.reg.dat
    12/09/2010 11:49 PM 926 MSConfigStartUp-mplay32xe.reg.dat
    12/09/2010 11:49 PM 896 MSConfigStartUp-SmoothView.reg.dat
    12/09/2010 11:49 PM 924 MSConfigStartUp-swg.reg.dat
    12/09/2010 11:49 PM 810 MSConfigStartUp-TOSCDSPD.reg.dat
    12/09/2010 11:49 PM 932 MSConfigStartUp-Your Protection.reg.dat
    12/10/2010 04:24 PM 208 Service_EhttpSrv.reg.dat
    12/10/2010 04:23 PM 1,470 Service_ekrn.reg.dat
    12/10/2010 04:23 PM 1,212 Service_epfwwfp.reg.dat
    12/09/2010 11:40 PM 1,764 Service_Ias.reg.dat
    12/10/2010 04:23 PM 1,408 Service_monitor.reg.dat
    12/09/2010 11:40 PM 1,264 Service__VOIDxxqiuvicii.reg.dat
    12/10/2010 04:23 PM 4,955 tcpip.reg
    21 File(s) 23,690 bytes

    Directory of C:\QooBox\Test

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Directory of C:\QooBox\TestC

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Total Files Listed:
    151 File(s) 91,209,920 bytes
    98 Dir(s) 36,799,885,312 bytes free
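    To tie the DeQuarantine.txt from post 16 to the `dir /a /s C:\QooBox` listing above, here is an added example (my code, not ComboFix's tooling and not something either poster ran) that parses both outputs and reports which quarantined files were restored with a matching byte count, which sizes disagree, which restore entries have no copy left in the quarantine tree, and which items are still sitting under `C:\QooBox\Quarantine\C`. The sample inputs are abridged excerpts of the two outputs posted in this thread; the function names and the assumption that `dir` prints dates in the English `MM/DD/YYYY hh:mm AM/PM` layout are mine. Paths are compared case-insensitively because ComboFix writes them in mixed case (`Qoobox\Quarantine\c` versus `QooBox\Quarantine\C`).

```python
import re

# Constructed sample: abridged excerpts of the DeQuarantine.txt and of the
# "dir /a /s C:\QooBox" output posted in this thread.
DEQUARANTINE_TXT = r"""
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat ( 7225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf ( 1523 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys ( 113448 bytes )
"""

DIR_LISTING = r"""
 Directory of C:\QooBox\Quarantine

12/10/2010 04:18 PM <DIR> .
12/10/2010 04:24 PM <DIR> C
12/12/2010 07:19 PM 35,424 catchme.log

 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security

12/10/2010 04:24 PM <DIR> Drivers
01/27/2010 06:27 PM 225 mod_comp.dat.vir
12/10/2010 04:27 PM 1,930,800 _egui_.exe.zip
12/10/2010 04:27 PM 671,136 _ekrn_.exe.zip

 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon

02/06/2009 02:19 PM 7,225 eamon.cat.vir
02/06/2009 02:19 PM 1,523 eamon.inf.vir
02/06/2009 02:19 PM 113,448 eamon.sys.vir
3 File(s) 122,196 bytes

 Directory of C:\QooBox\Quarantine\C\Windows\System32

01/08/2010 05:54 PM 2,344 11478.exe.vir
"""

# One DeQuarantine line: "<quarantine path> -> <original path> ( <n> bytes )"
DEQ_LINE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+?) \( (?P<size>\d+) bytes \)$")
# "dir /s" output: a header per folder, then one entry per file/subfolder.
DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
DIR_ENTRY = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(?P<size><DIR>|[\d,]+)\s+(?P<name>.+?)\s*$"
)
# Quarantined copies live under this prefix; the tree below it mirrors C:\.
QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\c\\"


def norm(path: str) -> str:
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.lower()


def parse_dequarantine(text: str) -> dict:
    """Map quarantine source path -> (restore destination, size in bytes)."""
    restored = {}
    for line in text.splitlines():
        m = DEQ_LINE.match(line.strip())
        if m:
            restored[norm(m["src"])] = (m["dst"], int(m["size"]))
    return restored


def parse_dir_listing(text: str) -> dict:
    """Map each file's full path -> size from 'dir /s' output (folders skipped)."""
    files, cwd = {}, None
    for line in text.splitlines():
        h = DIR_HEADER.match(line)
        if h:
            cwd = h["path"]
            continue
        e = DIR_ENTRY.match(line)
        if not e or cwd is None or e["size"] == "<DIR>":
            continue  # "n File(s)" totals and <DIR> rows carry no file size
        files[norm(cwd + "\\" + e["name"])] = int(e["size"].replace(",", ""))
    return files


def quarantine_report(deq: dict, files: dict) -> dict:
    """Classify every quarantined copy against the DeQuarantine log."""
    report = {"restored": [], "size_mismatch": [], "still_quarantined": [],
              "missing_copy": [dst for src, (dst, _) in deq.items() if src not in files]}
    for path, size in sorted(files.items()):
        if not path.startswith(QUARANTINE_ROOT):
            continue  # catchme.log, Registry_backups etc. are not quarantined files
        if path in deq:
            dst, expected = deq[path]
            report["restored" if expected == size else "size_mismatch"].append(dst)
        else:
            # Original location (lower-cased) = path with the quarantine prefix stripped.
            report["still_quarantined"].append("c:\\" + path[len(QUARANTINE_ROOT):])
    return report


def report_for_thread() -> dict:
    """Run the check on the excerpts quoted from this thread."""
    return quarantine_report(parse_dequarantine(DEQUARANTINE_TXT),
                             parse_dir_listing(DIR_LISTING))


if __name__ == "__main__":
    for bucket, paths in report_for_thread().items():
        print(f"{bucket} ({len(paths)}):", *paths, sep="\n    ")
```

    Run against the real files, the `still_quarantined` bucket lists every ESET component the CFScript in post 15 did not name (the `_egui_.exe.zip`, `_ekrn_.exe.zip` and other `_*_.zip` entries in the listing), which is the quickest way to answer "what else did ComboFix take" without opening each folder by hand.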
     
  21. across151

    across151 TS Rookie Topic Starter Posts: 23

    Volume in drive C is SQ004710V01
    Volume Serial Number is 7813-5D2F

    Directory of C:\QooBox

    12/12/2010 07:19 PM <DIR> .
    12/12/2010 07:19 PM <DIR> ..
    12/10/2010 04:34 PM 8,330 Add-Remove Programs.txt
    12/12/2010 07:18 PM <DIR> BackEnv
    12/10/2010 04:14 PM 493 CFScript_used_2010-12-10_16.18.02.txt
    12/12/2010 07:15 PM 1,691 CFScript_used_2010-12-12_19.19.18.txt
    12/10/2010 04:34 PM 25,151 ComboFix2.txt
    12/09/2010 11:50 PM 20,817 ComboFix3.txt
    12/12/2010 07:16 PM <DIR> LastRun
    12/10/2010 04:18 PM <DIR> Quarantine
    12/10/2010 04:33 PM 0 SnapShot@2010-12-10_21.29.08.dat
    12/12/2010 07:16 PM <DIR> Test
    12/12/2010 07:16 PM <DIR> TestC
    6 File(s) 56,482 bytes

    Directory of C:\QooBox\BackEnv

    12/12/2010 07:18 PM <DIR> .
    12/12/2010 07:18 PM <DIR> ..
    12/12/2010 07:18 PM 136 AppData.folder.dat
    12/12/2010 07:18 PM 241 Cache.folder.dat
    12/12/2010 07:18 PM 73 Cookies.folder.dat
    12/12/2010 07:18 PM 94 Desktop.folder.dat
    12/12/2010 07:18 PM 134 Favorites.folder.dat
    12/12/2010 07:18 PM 71 History.folder.dat
    12/12/2010 07:18 PM 112 LocalAppData.folder.dat
    12/12/2010 07:18 PM 112 LocalSettings.folder.dat
    12/12/2010 07:18 PM 62 Music.folder.dat
    12/12/2010 07:18 PM 83 NetHood.folder.dat
    12/12/2010 07:18 PM 100 Personal.folder.dat
    12/12/2010 07:18 PM 97 Pictures.folder.dat
    12/12/2010 07:18 PM 83 PrintHood.folder.dat
    12/12/2010 07:18 PM 190 Profiles.Folder.dat
    12/12/2010 07:18 PM 269 Profiles.Folder.folder.dat
    12/12/2010 07:18 PM 370 Programs.folder.dat
    12/12/2010 07:18 PM 72 Recent.folder.dat
    12/12/2010 07:18 PM 72 SendTo.folder.dat
    12/12/2010 07:18 PM 5,330 SetPath.bat
    12/12/2010 07:18 PM 252 StartMenu.folder.dat
    12/12/2010 07:18 PM 410 StartUp.folder.dat
    12/12/2010 07:18 PM 829 SysPath.dat
    12/12/2010 07:18 PM 248 Templates.folder.dat
    12/12/2010 07:18 PM 2,160 VikPev00
    24 File(s) 11,600 bytes

    Directory of C:\QooBox\LastRun

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine

    12/10/2010 04:18 PM <DIR> .
    12/10/2010 04:18 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> C
    12/12/2010 07:19 PM 35,424 catchme.log
    12/12/2010 07:19 PM 0 catchme.txt
    12/10/2010 04:33 PM <DIR> Registry_backups
    2 File(s) 35,424 bytes

    Directory of C:\QooBox\Quarantine\C

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> Program Files
    12/09/2010 11:41 PM <DIR> Users
    12/09/2010 11:41 PM <DIR> Windows
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> ESET
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:29 PM <DIR> ESET Smart Security
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security

    12/10/2010 04:29 PM <DIR> .
    12/10/2010 04:29 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> Drivers
    01/27/2010 06:27 PM 225 mod_comp.dat.vir
    12/10/2010 04:28 PM <DIR> Mozilla Thunderbird
    12/10/2010 04:27 PM 61,213 _callmsi_.exe.zip
    12/10/2010 04:27 PM 137,800 _DMON_.dll.zip
    12/10/2010 04:27 PM 240,023 _ecls_.exe.zip
    12/10/2010 04:27 PM 43,526 _ecmd_.exe.zip
    12/10/2010 04:27 PM 47,618 _eeclnt_.exe.zip
    12/10/2010 04:27 PM 111,431 _eguiAmon_.dll.zip
    12/10/2010 04:27 PM 83,067 _eguiDmon_.dll.zip
    12/10/2010 04:27 PM 87,613 _eguiEmon_.dll.zip
    12/10/2010 04:27 PM 694,581 _eguiEpfw_.dll.zip
    12/10/2010 04:27 PM 82,300 _eguiMailPlugins_.dll.zip
    12/10/2010 04:27 PM 593,443 _eguiProduct_.dll.zip
    12/10/2010 04:27 PM 268,818 _eguiScan_.dll.zip
    12/10/2010 04:27 PM 147,130 _eguiSmon_.dll.zip
    12/10/2010 04:27 PM 205,187 _eguiUpdate_.dll.zip
    12/10/2010 04:27 PM 1,930,800 _egui_.exe.zip
    12/10/2010 04:27 PM 21,495 _EHttpSrv_.exe.zip
    12/10/2010 04:27 PM 136,213 _ekrnAmon_.dll.zip
    12/10/2010 04:27 PM 91,207 _ekrnDmon_.dll.zip
    12/10/2010 04:27 PM 92,475 _ekrnEmon_.dll.zip
    12/10/2010 04:27 PM 388,715 _ekrnEpfw_.dll.zip
    12/10/2010 04:27 PM 93,298 _ekrnMailPlugins_.dll.zip
    12/10/2010 04:27 PM 145,993 _ekrnScan_.dll.zip
    12/10/2010 04:27 PM 4,810,473 _ekrnSmonEngine_.dll.zip
    12/10/2010 04:27 PM 200,185 _ekrnSmon_.dll.zip
    12/10/2010 04:27 PM 141,693 _ekrnUpdate_.dll.zip
    12/10/2010 04:27 PM 671,136 _ekrn_.exe.zip
    12/10/2010 04:27 PM 97,454 _em000_32_.dat.zip
    12/10/2010 04:27 PM 834,652 _em001_32_.dat.zip
    12/10/2010 04:27 PM 56,272,608 _em002_32_.dat.zip
    12/10/2010 04:28 PM 917,794 _em003_32_.dat.zip
    12/10/2010 04:28 PM 927,722 _em004_32_.dat.zip
    12/10/2010 04:28 PM 100,612 _em005_32_.dat.zip
    12/10/2010 04:28 PM 147,386 _em006_32_.dat.zip
    12/10/2010 04:28 PM 444,844 _em008_32_.dat.zip
    12/10/2010 04:28 PM 2,049,356 _em009_32_.dat.zip
    12/10/2010 04:28 PM 356,072 _em010_32_.dat.zip
    12/10/2010 04:28 PM 76,216 _em013_32_.dat.zip
    12/10/2010 04:28 PM 12,993 _eplgHooks_.dll.zip
    12/10/2010 04:28 PM 193,056 _eplgOEEmon_.dll.zip
    12/10/2010 04:28 PM 260,444 _eplgOESmon_.dll.zip
    12/10/2010 04:28 PM 348,307 _eplgOE_.dll.zip
    12/10/2010 04:28 PM 156,631 _eplgOutlookEmon_.dll.zip
    12/10/2010 04:28 PM 296,508 _eplgOutlookSmon_.dll.zip
    12/10/2010 04:28 PM 263,918 _eplgOutlook_.dll.zip
    12/10/2010 04:28 PM 197,420 _eplgTbEmon_.dll.zip
    12/10/2010 04:28 PM 280,434 _eplgTbSmon_.dll.zip
    12/10/2010 04:28 PM 9,034,692 _eset_.chm.zip
    12/10/2010 04:28 PM 16,214 _eula_.rtf.zip
    12/10/2010 04:28 PM 70,296 _http_dll_.dll.zip
    12/10/2010 04:28 PM 1,033,260 _mfc80u_.dll.zip
    12/10/2010 04:28 PM 1,035,879 _mfc80_.dll.zip
    12/10/2010 04:25 PM 750 _Microsoft.VC80.CRT_.manifest.zip
    12/10/2010 04:25 PM 754 _Microsoft.VC80.MFCLOC_.manifest.zip
    12/10/2010 04:25 PM 808 _Microsoft.VC80.MFC_.manifest.zip
    12/10/2010 04:28 PM 297,748 _msvcp80_.dll.zip
    12/10/2010 04:28 PM 636,322 _msvcr80_.dll.zip
    12/10/2010 04:28 PM 226,076 _PPESET_.dll.zip
    12/10/2010 04:28 PM 854 _PPEset_.inf.zip
    12/10/2010 04:28 PM 177,593 _shellExt_.dll.zip
    12/10/2010 04:29 PM 707,606 _SysInspector_.exe.zip
    12/10/2010 04:29 PM 1,013,973 _SysRescue_.exe.zip
    12/10/2010 04:29 PM 210,283 _updater_.dll.zip
    63 File(s) 90,225,193 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    12/10/2010 04:24 PM <DIR> eamon
    12/10/2010 04:24 PM <DIR> ehdrv
    12/10/2010 04:24 PM <DIR> epfw
    12/10/2010 04:24 PM <DIR> epfwndis
    12/10/2010 04:24 PM <DIR> epfwwfp
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:19 PM 7,225 eamon.cat.vir
    02/06/2009 02:19 PM 1,523 eamon.inf.vir
    02/06/2009 02:19 PM 113,448 eamon.sys.vir
    3 File(s) 122,196 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:23 PM 7,225 ehdrv.cat.vir
    02/06/2009 02:19 PM 1,483 ehdrv.inf.vir
    02/06/2009 02:23 PM 106,208 ehdrv.sys.vir
    3 File(s) 114,916 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,225 epfw.cat.vir
    02/06/2009 02:19 PM 1,493 epfw.inf.vir
    02/06/2009 02:24 PM 130,952 epfw.sys.vir
    3 File(s) 139,670 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,515 epfwndis.cat.vir
    02/06/2009 02:19 PM 3,421 epfwndis.inf.vir
    02/06/2009 02:24 PM 33,096 epfwndis.sys.vir
    02/06/2009 02:19 PM 1,461 epfwnd_m.inf.vir
    4 File(s) 45,493 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp

    12/10/2010 04:24 PM <DIR> .
    12/10/2010 04:24 PM <DIR> ..
    02/06/2009 02:24 PM 7,225 epfwwfp.cat.vir
    02/06/2009 02:19 PM 1,506 EpfwWfp.inf.vir
    02/06/2009 02:24 PM 38,240 EpfwWfp.sys.vir
    3 File(s) 46,971 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    12/10/2010 04:28 PM <DIR> .
    12/10/2010 04:28 PM <DIR> ..
    07/11/2008 12:07 PM 29 chrome.manifest.vir
    12/10/2010 04:28 PM <DIR> Components
    12/10/2010 04:28 PM 924 _install_.rdf.zip
    2 File(s) 953 bytes

    Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components

    12/10/2010 04:28 PM <DIR> .
    12/10/2010 04:28 PM <DIR> ..
    12/10/2010 04:28 PM 310,231 _eplgTb_.dll.zip
    12/10/2010 04:28 PM 1,162 _eplgTb_.xpt.zip
    2 File(s) 311,393 bytes

    Directory of C:\QooBox\Quarantine\C\Users

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Default.Default-PC
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> AppData
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/10/2010 04:25 PM <DIR> Local
    12/09/2010 11:41 PM <DIR> Roaming
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local

    12/10/2010 04:25 PM <DIR> .
    12/10/2010 04:25 PM <DIR> ..
    12/08/2010 03:15 PM 0 Bcizusevihe.bin.vir
    12/09/2010 11:41 PM <DIR> {3BAD1186-0B92-489D-A9A2-81E73CD607BC}
    1 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> chrome
    12/08/2010 03:15 PM 764 install.rdf.vir
    1 File(s) 764 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> content
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome\content

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/08/2010 03:15 PM 5,954 overlay.xul.vir
    1 File(s) 5,954 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Adobe
    12/09/2010 11:41 PM <DIR> Microsoft
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Adobe

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    03/08/2009 06:31 AM 45,568 AdobeUpdate .exe.vir
    1 File(s) 45,568 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Windows
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> Recent
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Recent

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    06/15/2010 06:41 PM 213 Half-Life 2.url.vir
    1 File(s) 213 bytes

    Directory of C:\QooBox\Quarantine\C\Windows

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    12/09/2010 11:41 PM <DIR> System32
    0 File(s) 0 bytes

    Directory of C:\QooBox\Quarantine\C\Windows\System32

    12/09/2010 11:41 PM <DIR> .
    12/09/2010 11:41 PM <DIR> ..
    01/08/2010 05:54 PM 2,344 11478.exe.vir
    01/08/2010 05:34 PM 2,344 15724.exe.vir
    01/08/2010 04:14 PM 2,344 18467.exe.vir
    01/08/2010 05:14 PM 2,344 19169.exe.vir
    01/08/2010 06:55 PM 2,344 24464.exe.vir
    01/08/2010 04:54 PM 2,344 26500.exe.vir
    01/08/2010 06:35 PM 2,344 26962.exe.vir
    01/08/2010 06:15 PM 2,344 29358.exe.vir
    01/08/2010 07:15 PM 2,344 5705.exe.vir
    01/08/2010 04:34 PM 2,344 6334.exe.vir
    10 File(s) 23,440 bytes

    Directory of C:\QooBox\Quarantine\Registry_backups

    12/10/2010 04:33 PM <DIR> .
    12/10/2010 04:33 PM <DIR> ..
    12/09/2010 11:49 PM 748 AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
    12/09/2010 11:49 PM 160 HKLM-Run-HSON.reg.dat
    12/09/2010 11:49 PM 161 HKLM-Run-TPwrMain.reg.dat
    12/10/2010 04:23 PM 1,088 Legacy_EPFWWFP.reg.dat
    12/09/2010 11:40 PM 1,114 Legacy__VOIDXXQIUVICII.reg.dat
    12/09/2010 11:49 PM 892 MSConfigStartUp-00TCrdMain.reg.dat
    12/09/2010 11:49 PM 856 MSConfigStartUp-diledevibe.reg.dat
    12/09/2010 11:49 PM 978 MSConfigStartUp-Google Update.reg.dat
    12/09/2010 11:49 PM 924 MSConfigStartUp-ITSecMng.reg.dat
    12/09/2010 11:49 PM 926 MSConfigStartUp-mplay32xe.reg.dat
    12/09/2010 11:49 PM 896 MSConfigStartUp-SmoothView.reg.dat
    12/09/2010 11:49 PM 924 MSConfigStartUp-swg.reg.dat
    12/09/2010 11:49 PM 810 MSConfigStartUp-TOSCDSPD.reg.dat
    12/09/2010 11:49 PM 932 MSConfigStartUp-Your Protection.reg.dat
    12/10/2010 04:24 PM 208 Service_EhttpSrv.reg.dat
    12/10/2010 04:23 PM 1,470 Service_ekrn.reg.dat
    12/10/2010 04:23 PM 1,212 Service_epfwwfp.reg.dat
    12/09/2010 11:40 PM 1,764 Service_Ias.reg.dat
    12/10/2010 04:23 PM 1,408 Service_monitor.reg.dat
    12/09/2010 11:40 PM 1,264 Service__VOIDxxqiuvicii.reg.dat
    12/10/2010 04:23 PM 4,955 tcpip.reg
    21 File(s) 23,690 bytes

    Directory of C:\QooBox\Test

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Directory of C:\QooBox\TestC

    12/12/2010 07:16 PM <DIR> .
    12/12/2010 07:16 PM <DIR> ..
    0 File(s) 0 bytes

    Total Files Listed:
    151 File(s) 91,209,920 bytes
    98 Dir(s) 36,275,924,992 bytes free
     
  22. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    OK. Re-run Combofix with this code:

    Code:
    DEQUARANTINE::
    C:\QooBox\Quarantine\C\Program Files
    C:\QooBox\Quarantine\C\Program Files\ESET
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components
    QUIT::
    

    Save the above as CFScript.txt

    Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]

    Post DeQuarantine.txt log, restart computer and check on Eset.
     
  23. across151

    across151 TS Rookie Topic Starter Posts: 23

    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\mod_comp.dat -> C:\Program Files\ESET\ESET Smart Security\mod_comp.dat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_DMON_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_DMON_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ecls_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ecls_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ecmd_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ecmd_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eeclnt_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_eeclnt_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiAmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiAmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiDmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiDmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiEmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiEpfw_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiEpfw_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiMailPlugins_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiMailPlugins_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiProduct_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiProduct_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiScan_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiScan_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiSmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiUpdate_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiUpdate_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_egui_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_egui_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_EHttpSrv_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_EHttpSrv_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnAmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnAmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnDmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnDmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnEmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnEpfw_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnEpfw_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnMailPlugins_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnMailPlugins_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnScan_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnScan_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnSmonEngine_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnSmonEngine_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnSmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnUpdate_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnUpdate_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrn_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrn_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em000_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em000_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em001_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em001_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em002_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em002_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em003_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em003_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em004_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em004_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em005_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em005_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em006_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em006_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em008_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em008_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em009_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em009_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em010_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em010_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em013_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em013_32_.dat.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgHooks_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgHooks_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOEEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOEEmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOESmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOESmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOE_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOE_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlookEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlookEmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlookSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlookSmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlook_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlook_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgTbEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgTbEmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgTbSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgTbSmon_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eset_.chm.zip -> C:\Program Files\ESET\ESET Smart Security\_eset_.chm.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eula_.rtf.zip -> C:\Program Files\ESET\ESET Smart Security\_eula_.rtf.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_http_dll_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_http_dll_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_mfc80u_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_mfc80u_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_mfc80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_mfc80_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.CRT_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.CRT_.manifest.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFCLOC_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFCLOC_.manifest.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFC_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFC_.manifest.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_msvcp80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_msvcp80_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_msvcr80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_msvcr80_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_PPESET_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_PPESET_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_PPEset_.inf.zip -> C:\Program Files\ESET\ESET Smart Security\_PPEset_.inf.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_shellExt_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_shellExt_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_SysInspector_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_SysInspector_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_SysRescue_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_SysRescue_.exe.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_updater_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_updater_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\_install_.rdf.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\_install_.rdf.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.dll.zip
    C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.xpt.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.xpt.zip
    83 File(s) copied
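
The two posts above describe one procedure: post 22 writes a CFScript whose DEQUARANTINE:: section names folders under C:\QooBox\Quarantine\C, and post 23's DeQuarantine.txt shows ComboFix copying each file back to the matching path under C:\ (the .vir suffix dropped, the _name_.ext.zip copies kept under that name). The following Python is an added example, not part of the thread and not ComboFix's own code: it models that layout from the listings posted here, builds the DEQUARANTINE:: section for a chosen subtree, and checks a DeQuarantine.txt against the model, flagging anything restored outside the intended subtree and anything still sitting as a .zip wrapper. The `dir` lines and log lines embedded in it are constructed abbreviations of the ones posted; the assumption that ComboFix always follows this naming is confirmed here only for the files shown.

```python
r"""Model ComboFix's quarantine layout and check a DEQUARANTINE:: run.

Added example, not ComboFix's own code. The layout is read from this
thread's listings: C:\QooBox\Quarantine\C\<original path>, plain copies
suffixed .vir, some files stored as _name_.ext.zip (assumed to be
ComboFix's general behaviour; confirmed here only for the files posted).
"""
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\QooBox\Quarantine\C")
SYSTEM_ROOT = PureWindowsPath("C:\\")

# Constructed, abbreviated `dir /s` output in the format the thread shows.
DIR_LISTING = r"""
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security
12/10/2010 04:29 PM <DIR> .
12/10/2010 04:24 PM <DIR> Drivers
01/27/2010 06:27 PM 225 mod_comp.dat.vir
12/10/2010 04:27 PM 61,213 _callmsi_.exe.zip
 2 File(s) 61,438 bytes
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon
02/06/2009 02:19 PM 113,448 eamon.sys.vir
 1 File(s) 113,448 bytes
 Directory of C:\QooBox\Quarantine\C\Windows\System32
01/08/2010 05:54 PM 2,344 11478.exe.vir
 1 File(s) 2,344 bytes
"""
# Constructed DeQuarantine.txt lines in the format posted in the thread.
DEQUARANTINE_LOG = r"""
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\mod_comp.dat -> C:\Program Files\ESET\ESET Smart Security\mod_comp.dat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys
3 File(s) copied
"""

_DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
_ENTRY = re.compile(r"^\s*\d\d/\d\d/\d{4}\s+\d\d:\d\d [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
_ZIP_WRAPPER = re.compile(r"^_.+_\.[^.]+\.zip$", re.IGNORECASE)


def _under(path, root):
    """True when path is root or lies below it (case-insensitive, like NTFS)."""
    return path == root or root in path.parents


def parse_dir_listing(text):
    """Full quarantine path of every file (not directory) in a `dir /s` listing."""
    files, current = [], None
    for line in text.splitlines():
        header = _DIR_HEADER.match(line)
        if header:
            current = PureWindowsPath(header.group(1))
            continue
        entry = _ENTRY.match(line)
        if entry and current is not None and entry.group(1) != "<DIR>":
            files.append(current / entry.group(2))
    return files


def restore_target(quarantine_path):
    """Where the file goes back to: the same path under C: with .vir removed.
    _name_.ext.zip copies keep that name, as the posted DeQuarantine.txt shows."""
    target = SYSTEM_ROOT / PureWindowsPath(quarantine_path).relative_to(QUARANTINE_ROOT)
    if target.name.lower().endswith(".vir"):
        target = target.with_name(target.name[:-4])
    return target


def plan_dequarantine(files, allowed_root):
    """Split quarantined files into those under allowed_root (restore) and the rest (keep)."""
    allowed_root = PureWindowsPath(allowed_root)
    restore = [f for f in files if _under(restore_target(f), allowed_root)]
    keep = [f for f in files if f not in restore]
    return restore, keep


def build_cfscript(restore_files, allowed_root):
    """One DEQUARANTINE:: line per quarantine folder holding a file to restore,
    plus its ancestors down to allowed_root (assumed format, modelled on post 22)."""
    q_root = QUARANTINE_ROOT / PureWindowsPath(allowed_root).relative_to(SYSTEM_ROOT)
    dirs = {d for f in restore_files for d in (f.parent, *f.parent.parents) if _under(d, q_root)}
    body = "\n".join(str(d) for d in sorted(dirs, key=lambda p: str(p).lower()))
    return f"DEQUARANTINE::\n{body}\nQUIT::\n"


def parse_dequarantine_log(text):
    """(source, destination) pairs from DeQuarantine.txt; other lines are ignored."""
    pairs = []
    for line in text.splitlines():
        if " -> " in line:
            src, dst = line.split(" -> ", 1)
            pairs.append((PureWindowsPath(src.strip()), PureWindowsPath(dst.strip())))
    return pairs


def verify_dequarantine(pairs, allowed_root):
    """Check each restore: the destination must match the model and stay under
    allowed_root; .zip-wrapped copies are listed because a .zip is not the
    runnable file the product expects at that path."""
    allowed_root = PureWindowsPath(allowed_root)
    report = {"restored": 0, "mismatched": [], "outside_allowed": [], "still_zipped": []}
    for src, dst in pairs:
        report["restored"] += 1
        expected = restore_target(src) if _under(src, QUARANTINE_ROOT) else None
        if dst != expected:
            report["mismatched"].append(str(dst))
        if not _under(dst, allowed_root):
            report["outside_allowed"].append(str(dst))
        if _ZIP_WRAPPER.match(dst.name):
            report["still_zipped"].append(str(dst))
    return report


if __name__ == "__main__":
    files = parse_dir_listing(DIR_LISTING)
    restore, keep = plan_dequarantine(files, r"C:\Program Files\ESET")
    print(build_cfscript(restore, r"C:\Program Files\ESET"))
    print("left in quarantine:", [str(f) for f in keep])
    print(verify_dequarantine(parse_dequarantine_log(DEQUARANTINE_LOG), r"C:\Program Files\ESET"))
```

Run as-is, the script emits a DEQUARANTINE:: section covering only the ESET folders, leaves the numeric System32 executable in quarantine, and reports `_callmsi_.exe.zip` as restored but still zip-wrapped. The allow-list check is the point: a DEQUARANTINE:: run restores whatever folders it is given, so the list should be derived from the product being repaired rather than from the whole quarantine.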
     
  24. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    How is Eset doing?
     
  25. across151

    across151 TS Rookie Topic Starter Posts: 23

    Still getting the "insufficient privileges" error. I still can't download anything either; maybe it's related to ComboFix, since I haven't been able to download anything on this machine since the first time I ran ComboFix.
     