Solved Redirected from Google search results to other malicious websites


across151

- Google search results are being redirected to random sites.
- A rogue antivirus installed itself (possibly from mis-clicking one of the malicious sites I was redirected to).
- I cannot open any web browser except Firefox, so I tried to reinstall Google Chrome, but it crashes during installation.

I've gotten rid of the rogue AV with a Malwarebytes full scan, but everything else is still there.
I also used Dr. Web CureIt! after scanning with Malwarebytes; it found and deleted one backdoor.


Logs:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5274

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/8/2010 4:03:32 PM
mbam-log-2010-12-08 (16-03-32).txt

Scan type: Quick scan
Objects scanned: 144350
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\x32dott.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\programdata\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
c:\Users\default.default-pc\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\_voidufyppipkmi.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\System32\jeruvote.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Windows\System32\lugikeso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Windows\System32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-08 21:01:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHZ2320BH_G1 rev.0040020C
Running: 6qh1o9rb.exe; Driver: C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\pxrdifod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 859251F8
Device \Driver\atapi \Device\Ide\IdePort1 859251F8
Device \Driver\atapi \Device\Ide\IdePort2 859251F8
Device \Driver\atapi \Device\Ide\IdePort3 859251F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 859251F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 859261F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 859261F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 859261F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 859261F8
Device \Driver\ayw0f0ry \Device\Scsi\ayw0f0ry1 86C4E1F8
Device \Driver\ayw0f0ry \Device\Scsi\ayw0f0ry1Port5Path0Target0Lun0 86C4E1F8
Device \FileSystem\Ntfs \Ntfs 859271F8

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2320BH_G1____________________0040020C#5&2fad11e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-05.01) - NTFSx86
Run by Default at 21:02:25.27 on Wed 12/08/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2026 [GMT -5:00]

AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Your Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Default.Default-PC\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\default.default-pc\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: merulizo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli merulizo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\default.default-pc\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\defaul~1.def\appdata\roaming\mozilla\firefox\profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090625.001\IDSvix86.sys [2009-6-30 272432]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Ias;Windows Protected Services;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 SQTECH9051;DB VGA Cam;c:\windows\system32\drivers\Capt9051.sys [2010-2-28 41216]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-12 1251720]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

=============== Created Last 30 ================

2010-12-09 00:37:47 -------- d-----w- c:\users\default.default-pc\DoctorWeb
2010-12-08 22:27:23 48640 ---ha-w- c:\windows\system32\cselntui.dll
2010-12-08 20:57:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 20:57:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 20:57:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 20:56:12 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ecc51ce2-0aca-4c6c-bf54-d5fa89c12a44}\mpengine.dll
2010-12-08 20:15:02 0 ----a-w- c:\users\defaul~1.def\appdata\local\Bcizusevihe.bin
2010-12-08 20:15:00 -------- d-----w- c:\users\defaul~1.def\appdata\local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}
2010-11-24 13:49:14 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-23 23:28:20 -------- d-----w- c:\users\defaul~1.def\appdata\local\FalloutNV
2010-11-17 23:09:27 -------- d-----w- c:\program files\iPod
2010-11-17 23:08:49 -------- d-----w- c:\program files\iTunes
2010-11-10 21:46:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-12-04 19:12:29 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-04 19:12:29 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-04 19:12:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-03 01:44:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-26 02:06:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_MHZ2320BH_G1 rev.0040020C -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86870555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868767b0]; MOV EAX, [0x8687682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82255962] -> \Device\Harddisk0\DR0[0x861D3AC8]
3 CLASSPNP[0x8A7138B3] -> ntkrnlpa!IofCallDriver[0x82255962] -> [0x8597F860]
5 acpi[0x807BE6BC] -> ntkrnlpa!IofCallDriver[0x82255962] -> [0x859A7230]
\Driver\atapi[0x862D61A8] -> IRP_MJ_CREATE -> 0x86870555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2320BH_G1____________________0040020C#5&2fad11e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x859251f8
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 21:04:04.00 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/8/2009 6:59:00 PM
System Uptime: 12/8/2010 8:49:27 PM (1 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 290 GiB total, 31.763 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Chicony USB 2.0 Camera
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_FF1E1179&REV_03\3&21436425&0&FB
Manufacturer: Chicony
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_FF1E1179&REV_03\3&21436425&0&FB
Service: usbvideo

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
AC3Filter (remove only)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.2.3
Adobe Stock Photos 1.0
Any Video Converter 3.1.2
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Auslogics Disk Defrag
AV
Bluetooth Stack for Windows by Toshiba
BlueWare
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
ccCommon
CCleaner
CD/DVD Drive Acoustic Silencer
Creative WebCam Instant Driver (1.01.02.0729)
CyberLink PowerCinema for TOSHIBA
DB VGA Cam
Dead Space™
Detector Tools
Digital Blue Photo Downloader
Dragon Age: Origins
DVD MovieFactory for TOSHIBA
ESET Smart Security
Fallout New Vegas
foobar2000 v1.1
GearDrvs
GeoGebra
Google Chrome
Google Desktop
Guitar Pro 5.2
Half-Life 2
Half-Life 2: Deathmatch
HamsterFreeVideoConverter
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
Interactive Precalculus Sixth Edition
iPodCopy
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
K-Lite Codec Pack 5.0.5 (Basic)
Lexmark 2400 Series
LimeWire 5.5.16
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Memeo AutoBackup
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Secret Circle
Napster
Napster Burn Engine
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
ooVoo
PartitionMagic
PeerGuardian 2.0
Picasa 2
Portal
PowerQuest PartitionMagic 8.0
QiGODiscoveryAgent
QuickBooks Financial Center
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RESIDENT EVIL 5
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skins
Skype web features
Skype™ 4.1
SPBBC 32bit
Sprint Mobile Broadband (Novatel Wireless) - Lite
StarCraft II
Steam
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warhammer® 40,000™: Dawn of War® II
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar
YouTube Downloader 2.5.4

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2010/12/09 15:46:52.0698 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/09 15:46:52.0698 ================================================================================
2010/12/09 15:46:52.0698 SystemInfo:
2010/12/09 15:46:52.0698
2010/12/09 15:46:52.0698 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/09 15:46:52.0698 Product type: Workstation
2010/12/09 15:46:52.0698 ComputerName: DEFAULT-PC
2010/12/09 15:46:52.0698 UserName: Default
2010/12/09 15:46:52.0698 Windows directory: C:\Windows
2010/12/09 15:46:52.0698 System windows directory: C:\Windows
2010/12/09 15:46:52.0698 Processor architecture: Intel x86
2010/12/09 15:46:52.0698 Number of processors: 2
2010/12/09 15:46:52.0698 Page size: 0x1000
2010/12/09 15:46:52.0698 Boot type: Normal boot
2010/12/09 15:46:52.0698 ================================================================================
2010/12/09 15:46:58.0330 Initialize success
2010/12/09 15:47:05.0256 ================================================================================
2010/12/09 15:47:05.0256 Scan started
2010/12/09 15:47:05.0256 Mode: Manual;
2010/12/09 15:47:05.0256 ================================================================================
2010/12/09 15:47:23.0290 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/09 15:47:23.0290 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/09 15:47:23.0305 sptd - detected Locked file (1)
2010/12/09 15:47:29.0093 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/09 15:47:29.0093 ================================================================================
2010/12/09 15:47:29.0093 Scan finished
2010/12/09 15:47:29.0093 ================================================================================
2010/12/09 15:47:29.0109 Detected object count: 2
2010/12/09 15:47:44.0365 Locked file(sptd) - User select action: Skip
2010/12/09 15:47:44.0381 \HardDisk0 - will be cured after reboot
2010/12/09 15:47:44.0381 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/09 15:47:53.0023 Deinitialize success
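The log above ends with two detections and the actions chosen for them. As an added example (not code from this thread or from Kaspersky), here is a small Python parser that pulls the detections, the chosen actions and the reboot state out of a TDSSKiller log in this format, separates the "Locked file" verdict on sptd from the TDL4 rootkit detection, cross-checks the tool's own object count, and lists drivers loaded from outside the Windows directory for manual review. The line patterns are assumptions derived only from the log pasted above, and the sample input is constructed from its lines.

```python
"""Triage a Kaspersky TDSSKiller text log; added example, format taken only from the log above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by a message.
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# "<service> (<md5>) <path>": one enumerated driver or service
_DRIVER = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
_SUSPICIOUS = re.compile(_TS + r"Suspicious file \((?P<reason>[^)]+)\): "
                         r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<object> - detected <verdict> (<n>)"
_DETECTED = re.compile(_TS + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
# "<verdict>(<object>) - User select action: <Cure|Skip>"
_ACTION = re.compile(_TS + r"(?P<verdict>.+?)\((?P<obj>.+?)\) - User select action: (?P<action>\w+)$")
_REBOOT = re.compile(_TS + r"(?P<obj>.+?) - will be cured after reboot$")
_COUNT = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    action: str = "none"          # Cure / Skip, or none if no action line was logged
    reboot_pending: bool = False
    path: str = ""
    md5: str = ""

    @property
    def is_malware(self) -> bool:
        # "Locked file" only means TDSSKiller could not read the driver: the
        # "suspicious" class whose default action is Skip, not a malware verdict.
        return self.verdict != "Locked file"


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # name -> (md5, path)
    suspicious: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # path -> (reason, md5)
    findings: Dict[str, Finding] = field(default_factory=dict)            # object -> Finding
    declared_count: Optional[int] = None

    @property
    def malware(self) -> List[Finding]:
        return [f for f in self.findings.values() if f.is_malware]

    @property
    def uncured_malware(self) -> List[Finding]:
        return [f for f in self.malware if f.action != "Cure"]

    @property
    def reboot_required(self) -> bool:
        return any(f.reboot_pending for f in self.findings.values())

    def count_mismatch(self) -> bool:
        """True when the tool's own object count disagrees with the detection lines parsed."""
        return self.declared_count is not None and self.declared_count != len(self.findings)

    def drivers_outside(self, system_root: str = r"C:\Windows") -> List[Tuple[str, str]]:
        """Review heuristic: drivers loaded from outside the system root."""
        root = system_root.lower()
        return [(n, p) for n, (_, p) in self.drivers.items() if not p.lower().startswith(root)]


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := _SUSPICIOUS.match(line):
            rep.suspicious[m["path"]] = (m["reason"], m["md5"])
        elif m := _DETECTED.match(line):
            md5, path = rep.drivers.get(m["obj"], ("", ""))  # \HardDisk0 has no driver entry
            rep.findings[m["obj"]] = Finding(m["obj"], m["verdict"], path=path, md5=md5)
        elif m := _ACTION.match(line):
            f = rep.findings.setdefault(m["obj"], Finding(m["obj"], m["verdict"]))
            f.action = m["action"]
        elif m := _REBOOT.match(line):
            if m["obj"] in rep.findings:
                rep.findings[m["obj"]].reboot_pending = True
        elif m := _COUNT.match(line):
            rep.declared_count = int(m["n"])
        elif m := _DRIVER.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
    return rep


# Constructed sample input: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
2010/12/09 15:47:20.0061 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2010/12/09 15:47:23.0290 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/09 15:47:23.0290 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/09 15:47:23.0305 sptd - detected Locked file (1)
2010/12/09 15:47:24.0772 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/09 15:47:29.0093 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/09 15:47:29.0109 Detected object count: 2
2010/12/09 15:47:44.0365 Locked file(sptd) - User select action: Skip
2010/12/09 15:47:44.0381 \HardDisk0 - will be cured after reboot
2010/12/09 15:47:44.0381 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""
```

Run `parse_tdsskiller_log` over a pasted log and check `uncured_malware`, `reboot_required` and `count_mismatch()` before deciding whether the machine still needs the reboot the helper mentions.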
 
Good :)
How is redirection?

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run, then download and try to run another one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Redirect issue's gone, thank you.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A305
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 166):

Processes (total 55):
0 System Idle Process
4 System
572 C:\Windows\System32\smss.exe
644 csrss.exe
704 C:\Windows\System32\wininit.exe
716 csrss.exe
748 C:\Windows\System32\services.exe
776 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\lsass.exe
804 C:\Windows\System32\lsm.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1052 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\svchost.exe
1900 C:\Windows\System32\spoolsv.exe
1952 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\dwm.exe
204 C:\Windows\explorer.exe
428 C:\Windows\System32\taskeng.exe
1492 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
1688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1988 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2228 C:\Windows\System32\taskeng.exe
2268 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
2344 C:\Program Files\Windows Defender\MSASCui.exe
2392 C:\Windows\System32\PnkBstrA.exe
2420 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2500 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2664 C:\Windows\System32\svchost.exe
2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2944 C:\Windows\System32\SearchIndexer.exe
3056 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
3124 C:\Program Files\ESET\ESET Smart Security\egui.exe
3160 C:\Windows\ehome\ehtray.exe
3172 C:\Program Files\Windows Media Player\wmpnscfg.exe
3352 C:\Windows\ehome\ehmsas.exe
3624 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3740 C:\Program Files\Windows Media Player\wmpnetwk.exe
4080 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
1532 dllhost.exe
3980 C:\Program Files\Windows Media Player\wmpnscfg.exe
3412 C:\Windows\System32\wuauclt.exe
2736 C:\Program Files\iPod\bin\iPodService.exe
5008 C:\Program Files\Mozilla Firefox\firefox.exe
3860 C:\Program Files\Mozilla Firefox\plugin-container.exe
1368 C:\Users\Default.Default-PC\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG1, Rev: 0040020C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!



ComboFix 10-12-08.04 - Default 12/09/2010 23:35:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1972 [GMT -5:00]
Running from: c:\users\Default.Default-PC\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}
c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome\content\overlay.xul
c:\users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\install.rdf
c:\users\Default.Default-PC\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Default.Default-PC\AppData\Roaming\Adobe\plugs
c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Recent\Half-Life 2.url
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy__VOIDXXQIUVICII
-------\Service__VOIDxxqiuvicii
-------\Service_Ias


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 04:41 . 2010-12-10 04:44 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
2010-12-10 04:41 . 2010-12-10 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 01:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EB5788-6C0C-4149-9951-E4371AF75F55}\mpengine.dll
2010-12-09 00:37 . 2010-12-09 00:37 -------- d-----w- c:\users\Default.Default-PC\DoctorWeb
2010-12-08 22:27 . 2010-12-08 22:27 48640 ---ha-w- c:\windows\system32\cselntui.dll
2010-12-08 20:57 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 20:57 . 2010-12-08 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 20:57 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 20:15 . 2010-12-08 20:15 0 ----a-w- c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
2010-11-24 13:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 23:28 . 2010-11-23 23:28 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\FalloutNV
2010-11-17 23:09 . 2010-11-17 23:09 -------- d-----w- c:\program files\iPod
2010-11-17 23:08 . 2010-11-17 23:11 -------- d-----w- c:\program files\iTunes
2010-11-10 21:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 20:54 . 2010-04-03 04:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-04 19:12 . 2009-06-11 02:50 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-04 19:12 . 2009-06-11 04:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-03 01:44 . 2009-06-11 02:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-17 22:05 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-17 22:05 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-10-26 02:06 . 2009-08-29 20:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 15:41 . 2009-10-21 15:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-28 20:44 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56 . 2010-10-13 23:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QiGO Discovery Agent.lnk]
path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk
backup=c:\windows\pss\QiGO Discovery Agent.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 18:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 05:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-02-14 19:08 184320 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 15:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-13 02:51 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 16:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
2006-12-11 15:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2007-12-14 03:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-19 19:41 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-28 21:55 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2007-09-06 13824]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 SQTECH9051;DB VGA Cam;c:\windows\system32\Drivers\Capt9051.sys [2008-02-14 41216]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090625.001\IDSvix86.sys [2009-05-28 272432]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-diledevibe - zosusewa.dll
MSConfigStartUp-Google Update - c:\users\Default.Default-PC\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
MSConfigStartUp-mplay32xe - c:\users\DEFAUL~1.DEF\AppData\Local\Temp\mplay32xe.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-Your Protection - c:\program files\Your Protection\urpprot.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Default.Default-PC\AppData\Roaming\Macromedia\Flash Player\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 23:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,25,c7,8c,59,96,dd,88,07,c6,19,a9,2d,cf,2c,1f,04,e9,8e,c1,55,ca,90,
57,27,c0,b9,0c,65,ea,ff,54,3a,0a,90,50,16,aa,74,18,cf,7a,a5,b1,09,93,78,31,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\License information*]
"datasecu"=hex:bb,7b,ee,7b,57,36,b1,ad,8a,c5,df,d0,93,69,0f,82,2e,76,01,74,a4,
7c,a5,1f,13,5d,45,47,65,7c,6f,24,e5,e6,b8,39,52,a2,ef,f7,8d,33,2f,97,78,ca,\
"rkeysecu"=hex:74,26,ca,e4,f6,4d,93,0c,35,af,4d,7d,3f,b8,04,28

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\Power Saver\TPwrMain.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hitman Pro 3.5\djfkdjsf.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-12-09 23:50:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 04:50

Pre-Run: 39,916,163,072 bytes free
Post-Run: 39,531,044,864 bytes free

- - End Of File - - C35005661DC385B47EA5AB4B14F2EB45
 
Good news :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
c:\windows\system32\DRIVERS\epfwwfp.sys


Folder::
c:\program files\ESET


Driver::
ekrn
epfwwfp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
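A small triage script, added here as an example (it is not part of this thread and not ComboFix code), that scans ComboFix-style log lines for the conditions the CFScript above deals with: Security Center "DisableMonitoring" values, UAC switched off ("EnableLUA"= 0 in the earlier log), and startup or orphan entries whose target is a bare DLL name or lives under a Temp directory. The helper names `triage` and `dword_value` are the example's own, and the sample lines are constructed from the logs posted in this thread.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example; not part of this thread and not ComboFix code. It flags the
settings the CFScript above targets (Security Center "DisableMonitoring"
values), the "EnableLUA"= 0 line from the log (UAC switched off), and
startup/orphan entries whose target is a bare DLL name or sits in a Temp
directory. SAMPLE_LOG is constructed from lines in the thread's logs.
"""
import re

# Orphan / startup lines, e.g. "MSConfigStartUp-mplay32xe - c:\...\Temp\mplay32xe.exe"
STARTUP_RE = re.compile(
    r"^(?:HKLM-Run|HKCU-Run|MSConfigStartUp)-(?P<name>.+?) - (?P<target>.+)$"
)
# Registry section headers and values as ComboFix prints them:
#   [HKEY_LOCAL_MACHINE\...\policies\system]   then   "EnableLUA"= 0 (0x0)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
# Leading number of a value. ComboFix logs "0 (0x0)", REG/CFScript syntax uses
# "dword:00000001"; only zero versus non-zero matters to the checks below.
DWORD_RE = re.compile(r"^(?:dword:)?([0-9a-fA-F]+)")

# Constructed sample: lines taken from the logs in this thread, plus one
# DisableMonitoring value written the way it appears when it is set.
SAMPLE_LOG = r"""
MSConfigStartUp-diledevibe - zosusewa.dll
MSConfigStartUp-Google Update - c:\users\Default.Default-PC\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-mplay32xe - c:\users\DEFAUL~1.DEF\AppData\Local\Temp\mplay32xe.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""


def dword_value(data):
    """Integer carried by a registry value line, or None (e.g. "-" means delete)."""
    m = DWORD_RE.match(data.strip())
    return int(m.group(1), 16) if m else None


def triage(log_text):
    """Return (category, offending line) pairs that deserve a human look."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        m = STARTUP_RE.match(line)
        if m:
            target = m.group("target").strip().lower()
            if "\\" not in target and target.endswith(".dll"):
                # A path-less DLL as an autostart target is unusual for
                # legitimate software; a bare EXE name (TOSCDSPD.EXE) is common.
                findings.append(("startup-bare-dll", line))
            elif "\\temp\\" in target:
                # Installed software does not normally autostart from Temp.
                findings.append(("startup-temp-path", line))
            continue

        m = VALUE_RE.match(line)
        if m and current_key:
            name = m.group("name").lower()
            value = dword_value(m.group("data"))
            if (current_key.endswith("\\policies\\system")
                    and name == "enablelua" and value == 0):
                findings.append(("uac-disabled", line))
            if ("\\security center\\monitoring" in current_key
                    and name == "disablemonitoring" and value):
                findings.append(("security-center-monitoring-disabled", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:40} {line}")
```

Run against a full ComboFix.txt it walks the "ORPHANS REMOVED" and "Reg Loading Points" sections unchanged; the CFScript's own `"DisableMonitoring"=-` lines are deletions and are not flagged.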
 
Combofix deleted my antivirus, should I reinstall or just leave it?

ComboFix 10-12-09.04 - Default 12/10/2010 16:18:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1954 [GMT -5:00]
Running from: c:\users\Default.Default-PC\Downloads\ComboFix.exe
Command switches used :: c:\users\Default.Default-PC\Downloads\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat
c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf
c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys
c:\program files\ESET\ESET Smart Security\mod_comp.dat
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest
c:\users\Default.Default-PC\AppData\Local\Bcizusevihe.bin
c:\program files\ESET . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\callmsi.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\DMON.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ecls.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ecmd.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eeclnt.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\egui.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiAmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiDmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiEmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiEpfw.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiMailPlugins.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiProduct.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiScan.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiSmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eguiUpdate.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\EHttpSrv.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrn.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnAmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnDmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnEmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnEpfw.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnMailPlugins.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnScan.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnSmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnSmonEngine.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\ekrnUpdate.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em000_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em001_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em002_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em003_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em004_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em005_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em006_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em008_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em009_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em010_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\em013_32.dat . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgHooks.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOE.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOEEmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOESmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOutlook.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOutlookEmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgOutlookSmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgTbEmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eplgTbSmon.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eset.chm . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\eula.rtf . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\http_dll.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\mfc80.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\mfc80u.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.CRT.manifest . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFC.manifest . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFCLOC.manifest . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\eplgTb.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\eplgTb.xpt . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\install.rdf . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\msvcp80.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\msvcr80.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\PPESET.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\PPEset.inf . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\shellExt.dll . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\SysInspector.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\SysRescue.exe . . . . Failed to delete
c:\program files\ESET\ESET Smart Security\updater.dll . . . . Failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWWFP
-------\Service_ekrn
-------\Service_epfwwfp
-------\Service_monitor
-------\Service_EhttpSrv
-------\Service_EhttpSrv


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 21:25 . 2010-12-10 21:29 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
2010-12-10 01:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EB5788-6C0C-4149-9951-E4371AF75F55}\mpengine.dll
2010-12-09 00:37 . 2010-12-09 00:37 -------- d-----w- c:\users\Default.Default-PC\DoctorWeb
2010-12-08 22:27 . 2010-12-08 22:27 48640 ---ha-w- c:\windows\system32\cselntui.dll
2010-12-08 20:57 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 20:57 . 2010-12-08 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 20:57 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 13:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 23:28 . 2010-11-23 23:28 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\FalloutNV
2010-11-17 23:09 . 2010-11-17 23:09 -------- d-----w- c:\program files\iPod
2010-11-17 23:08 . 2010-11-17 23:11 -------- d-----w- c:\program files\iTunes
2010-11-10 21:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 21:11 . 2010-04-03 04:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-04 19:12 . 2009-06-11 02:50 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-04 19:12 . 2009-06-11 04:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-04 19:12 . 2009-06-11 02:50 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-03 01:44 . 2009-06-11 02:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-17 22:05 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-17 22:05 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-10-26 02:06 . 2009-08-29 20:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 15:41 . 2009-10-21 15:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-28 20:44 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56 . 2010-10-13 23:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-12-10 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Default.Default-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QiGO Discovery Agent.lnk]
path=c:\users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiGO Discovery Agent.lnk
backup=c:\windows\pss\QiGO Discovery Agent.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 18:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 05:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-02-14 19:08 184320 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 15:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-13 02:51 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 16:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
2006-12-11 15:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2007-12-14 03:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-19 19:41 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-28 21:55 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2007-09-06 13824]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 SQTECH9051;DB VGA Cam;c:\windows\system32\Drivers\Capt9051.sys [2008-02-14 41216]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-02 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090625.001\IDSvix86.sys [2009-05-28 272432]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 16:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,25,c7,8c,59,96,dd,88,07,c6,19,a9,2d,cf,2c,1f,04,e9,8e,c1,55,ca,90,
57,27,c0,b9,0c,65,ea,ff,54,3a,0a,90,50,16,aa,74,18,cf,7a,a5,b1,09,93,78,31,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-3577462695-2815796255-52762183-1000\Software\SecuROM\License information*]
"datasecu"=hex:bb,7b,ee,7b,57,36,b1,ad,8a,c5,df,d0,93,69,0f,82,2e,76,01,74,a4,
7c,a5,1f,13,5d,45,47,65,7c,6f,24,e5,e6,b8,39,52,a2,ef,f7,8d,33,2f,97,78,ca,\
"rkeysecu"=hex:74,26,ca,e4,f6,4d,93,0c,35,af,4d,7d,3f,b8,04,28

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Completion time: 2010-12-10 16:34:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 21:34
ComboFix2.txt 2010-12-10 04:50

Pre-Run: 39,466,622,976 bytes free
Post-Run: 39,344,390,144 bytes free

- - End Of File - - 61BCFF3C458072DD214A5FAFAC892C4E
 
Combofix deleted my antivirus, should I reinstall or just leave it?
That would be my fault, I guess.
I assumed Norton was your AV program.
If it's Eset, please reinstall it and run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
I apologize for my mistake :)

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
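OTL output is line-oriented, which makes it easy to triage by script before a human reads it. As an added example (not part of this thread or of OTL itself), the following Python parses a few constructed OTL-style lines modelled on the O1/O4/O6/O17 and IE proxy entries that OTL reports, and flags the settings that most often explain search redirects: HOSTS overrides, unexpected DNS resolvers, an enabled proxy, UAC turned off, and Run entries launching from Temp. The line formats, sample paths and IP addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample lines, modelled on the OTL 3.2 line format (not copied
# from any real log); IP addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = 198.51.100.7:8080
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O4 - HKLM..\\Run: [NDSTray.exe] File not found
O4 - HKLM..\\Run: [updater] C:\\Users\\Default\\AppData\\Local\\Temp\\upd.exe ()
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.0.2.53 192.0.2.54
"""

# The only HOSTS entries a clean Windows box normally carries.
LOCAL_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Path fragments that legitimate autostart entries rarely point into.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\]\s*(.*)$")
LUA_RE = re.compile(r"^O[67] - .*policies\\System: EnableLUA = (\d)")
DNS_RE = re.compile(r"^O17 - .*\bDhcpNameServer = (.+)$")
IE_RE = re.compile(r'^IE - .*Internet Settings: "(\w+)" = (.+)$')


def triage(lines, expected_dns=()):
    """Return a list of (severity, code, detail) findings for OTL-style lines.

    expected_dns: resolvers the analyst already knows to be legitimate (for
    example the ISP's). Any other DhcpNameServer entry is flagged so it gets
    verified; DHCP-assigned ISP resolvers are normal, so this is a prompt to
    check, not a verdict.
    """
    findings = []
    ie = {}  # Internet Settings values, correlated after the pass
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Anything beyond the loopback entries pins a name to an address,
            # which is one classic way search engines get "redirected".
            if (m.group(1), m.group(2)) not in LOCAL_HOSTS:
                findings.append(("high", "HOSTS_OVERRIDE",
                                 f"{m.group(2)} pinned to {m.group(1)}"))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group(3)
            if target == "File not found":
                # Orphaned autostart: harmless by itself, but worth cleaning.
                findings.append(("low", "RUN_ORPHAN",
                                 f"{m.group(2)}: target missing"))
            elif any(t in target.lower() for t in TEMP_DIRS):
                findings.append(("high", "RUN_FROM_TEMP",
                                 f"{m.group(2)} -> {target}"))
            continue
        m = LUA_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(("medium", "UAC_DISABLED", "EnableLUA = 0"))
            continue
        m = DNS_RE.match(line)
        if m:
            for srv in m.group(1).split():
                try:
                    ipaddress.ip_address(srv)
                except ValueError:
                    findings.append(("medium", "DNS_UNPARSEABLE", srv))
                    continue
                if expected_dns and srv not in expected_dns:
                    findings.append(("medium", "DNS_UNEXPECTED", srv))
            continue
        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2)
    # A proxy that the user did not configure silently rewrites all browsing.
    if ie.get("ProxyEnable") == "1":
        findings.append(("high", "PROXY_ENABLED",
                         f"ProxyServer = {ie.get('ProxyServer', '<unset>')}"))
    return findings


if __name__ == "__main__":
    for sev, code, detail in triage(SAMPLE_LOG.splitlines(),
                                    expected_dns=("192.0.2.53",)):
        print(f"[{sev:6}] {code:16} {detail}")
```

Run it against a saved OTL.txt by passing the file's lines to `triage`; the severity is only a reading order for the analyst, not a removal decision.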
 
OK, now I can't download anything. I tried downloading OTL over Firefox and IE; it didn't appear where it was supposed to be saved. When I checked the download history in Firefox, it appeared to be downloaded, but when I right-clicked the file to open it, the options were greyed out.

Also, I can't reinstall my antivirus because ComboFix didn't delete everything in the ESET folder. Whenever I try to reinstall, it gives an error saying I need permission to delete the files, even though my account is an administrator.
[Attachment: Untitled-2.jpg]
 
Same result as when I tried to download OTL: it wasn't where it was supposed to be saved. I tried to download it from Internet Explorer too and clicked the "Run" option, but still nothing. I tried to use Search, but the files weren't found.
 
Download the needed files on another working computer and move them to THIS computer using a USB flash drive.
 
The ESET removal tool did not work; an error box popped up and nothing happened. OTL worked, though. Extras.txt didn't pop up.
Error box:
[Attachment: lel.jpg]

I clicked Yes because No didn't seem to do anything. This appeared afterwards.
[Attachment: lelel.jpg]



OTL Log Part 1

OTL logfile created on: 12/12/2010 6:01:04 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Default.Default-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.26 Gb Total Space | 30.38 Gb Free Space | 10.47% Space Free | Partition Type: NTFS

Computer Name: DEFAULT-PC | User Name: Default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 02:27:33 | 001,251,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/12 16:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/12 22:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090702.005\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090702.005\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/02 15:20:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/11 02:29:41 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/27 23:13:24 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090625.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/05/13 08:23:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/14 18:01:06 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2008/01/30 18:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/06 16:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2007/09/06 16:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/14 12:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/04/19 11:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/09 17:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 17:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 17:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 17:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 17:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 17:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/11 10:53:41 | 000,000,000 | ---D | M]

[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions
[2009/07/27 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/12/12 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions
[2009/06/24 23:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 23:38:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/21 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\mozilla\Firefox\Profiles\5tq1v4q7.default\extensions\battlefieldheroespatcher@ea.com
[2010/12/12 18:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 11:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/12 11:12:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/10 16:29:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-3.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/12 17:30:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/10 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\temp
[2010/12/10 16:29:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/10 16:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/10 16:15:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/09 23:34:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/09 23:34:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/09 23:34:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/09 23:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\DoctorWeb
[2010/12/08 15:57:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 15:57:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-PC\AppData\Local\FalloutNV
[2010/11/18 16:47:51 | 000,000,000 | ---D | C] -- C:\WCamInst
[2010/11/17 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/17 18:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/12 18:15:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll

========== Files - Modified Within 30 Days ==========

[2010/12/12 17:54:20 | 000,015,716 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\lel.jpg
[2010/12/12 17:53:57 | 000,010,052 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\lelel.jpg
[2010/12/12 17:30:32 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/12 17:30:32 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe
[2010/12/12 16:06:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/12 16:06:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/12 15:10:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/12 14:41:05 | 000,151,140 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
[2010/12/10 18:29:58 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/10 18:29:51 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/12/10 18:29:47 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010/12/10 16:29:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/10 16:11:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/09 22:46:14 | 000,049,664 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 19:19:17 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 17:27:23 | 000,048,640 | -H-- | M] () -- C:\Windows\System32\cselntui.dll
[2010/12/08 16:00:37 | 000,001,753 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:21 | 000,013,713 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/27 17:55:18 | 000,001,356 | ---- | M] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2010/11/23 23:44:57 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/23 17:16:48 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/17 18:11:58 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 20:46:48 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/12 19:37:04 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

========== Files Created - No Company Name ==========

[2010/12/12 17:54:20 | 000,015,716 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\lel.jpg
[2010/12/12 17:53:57 | 000,010,052 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\lelel.jpg
[2010/12/12 17:30:26 | 000,181,156 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/11 10:20:28 | 000,151,140 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Untitled.jpg
[2010/12/09 23:34:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/09 23:34:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/09 23:34:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/09 23:34:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/09 23:34:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/08 19:19:17 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/08 17:27:23 | 000,048,640 | -H-- | C] () -- C:\Windows\System32\cselntui.dll
[2010/12/08 16:00:37 | 000,001,753 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\Mozilla Firefox.lnk
[2010/12/08 15:57:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 15:15:02 | 000,000,120 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\Htili.dat
[2010/11/30 16:37:20 | 000,013,713 | ---- | C] () -- C:\Users\Default.Default-PC\Desktop\fnv.docx
[2010/11/23 17:16:48 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010/11/18 16:47:51 | 000,004,749 | ---- | C] () -- C:\Windows\PD0620.uns
[2010/11/17 18:11:58 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/16 20:46:48 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/04 17:45:30 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/13 15:40:40 | 000,000,600 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\winscp.rnd
[2010/04/02 23:17:19 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/02 20:14:29 | 000,002,531 | -HS- | C] () -- C:\Windows\System32\tavagato.dll
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/13 17:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 19:15:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\mf (2).dll
[2009/09/12 18:15:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/09/04 12:01:32 | 000,001,356 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\d3d9caps.dat
[2009/08/29 16:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/08/29 14:34:33 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/22 12:42:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/10 21:50:55 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/10 21:50:54 | 000,022,328 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Roaming\PnkBstrK.sys
[2009/06/10 21:50:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/06/10 20:20:14 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/10 18:22:01 | 000,049,664 | ---- | C] () -- C:\Users\Default.Default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:24:28 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/08 18:24:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/08 18:24:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/08 18:24:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/06/08 16:52:00 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/30 17:30:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
OTL Log Part 2


========== LOP Check ==========

[2010/04/26 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\AnvSoft
[2010/04/15 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Auslogics
[2010/04/24 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Bioshock
[2009/08/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\DAEMON Tools Lite
[2009/06/10 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ESET
[2010/12/10 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\foobar2000
[2009/07/30 19:25:32 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\GSC 2.00
[2010/09/19 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\HamsterSoft
[2010/09/18 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ImTOO
[2010/05/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\JAM Software
[2009/06/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Juniper Networks
[2010/10/08 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\LimeWire
[2009/10/01 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\Mattel
[2010/10/17 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\ooVoo Details
[2010/02/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\QiGO
[2010/11/09 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\SystemRequirementsLab
[2009/06/13 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\TOSHIBA
[2010/12/06 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\uTorrent
[2009/06/08 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Default.Default-PC\AppData\Roaming\WinBatch
[2010/12/11 10:54:15 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/12 20:37:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/10 16:34:58 | 000,025,151 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/01/08 15:54:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/20 13:45:42 | 000,009,772 | ---- | M] () -- C:\lxcr.log
[2010/01/08 15:54:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/12 14:05:49 | 3532,713,984 | -HS- | M] () -- C:\pagefile.sys
[2009/06/11 03:58:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/11 17:49:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/06/11 18:11:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/26 18:56:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/26 22:08:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/27 14:29:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/27 15:01:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/07/12 22:15:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/13 02:13:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/13 15:16:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/07/13 22:59:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/07/14 06:57:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/11 03:58:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/11 17:49:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/11 18:11:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/26 18:56:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/26 22:08:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/27 14:29:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/27 15:01:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/07/12 22:15:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/13 02:13:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/07/13 15:16:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/07/13 22:59:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/07/14 06:57:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/12/09 15:47:53 | 000,069,304 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_09.12.2010_15.46.52_log.txt
[2010/05/14 15:00:06 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt
[2010/10/19 15:35:04 | 000,224,113 | ---- | M] () -- C:\Windows6.0-KB934374-x86.msu

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/30 09:41:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/08/12 09:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/11/27 01:50:22 | 000,117,760 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxcrpp5c.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/02/12 20:37:43 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/02/12 20:37:38 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/02/12 20:37:43 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/02/12 20:37:50 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/02/12 20:37:52 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/23 15:10:47 | 000,000,286 | -HS- | M] () -- C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/12/12 17:28:48 | 000,181,156 | ---- | M] () -- C:\Users\Default.Default-PC\Desktop\nod32removal.exe
[2010/12/12 17:27:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Default.Default-PC\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/08 19:03:42 | 000,000,307 | ---- | M] () -- C:\Users\Default.Default-PC\Favorites\Computer - Shortcut.lnk
[2009/06/08 16:52:17 | 000,000,402 | -HS- | M] () -- C:\Users\Default.Default-PC\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/04 17:47:07 | 000,000,358 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/06/22 12:42:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Default.Default-PC\Documents\MOV00253.MPG:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
 
First let's see if we can reverse the changes made by Combofix to restore your Eset....

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
DEQUARANTINE::
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\mod_comp.dat.vir
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest.vir
QUIT::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


Make sure you restart the computer and see if Eset will work.
 
Restarted after ComboFix but ESET still doesn't work. Combofix.txt did not appear; only DeQuarantine.txt appeared, and here's what it said:


C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat ( 7225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf ( 1523 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys ( 113448 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat ( 7225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf ( 1483 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys ( 106208 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat ( 7225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf ( 1493 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys ( 130952 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf ( 1461 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat ( 7515 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf ( 3421 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys ( 33096 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat ( 7225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf ( 1506 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys.vir -> c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys ( 38240 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\mod_comp.dat.vir -> c:\program files\ESET\ESET Smart Security\mod_comp.dat ( 225 bytes )
C:\Qoobox\Quarantine\c\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest.vir -> c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest ( 29 bytes )
 
Let's see if anything else important has been removed....

Please, navigate to:
C:\Qoobox
Open ComboFix-quarantined-files.txt in Notepad, copy everything, and paste it into your next reply.
 
Weird.
Check the "Quarantine" folder.

or...

* Click on Start, then Run.
* Copy and paste the bold text below into the Run box:


cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


* Then click on OK.
* A Text File will open up, please Copy and Paste the contents in your next reply.
 
Volume in drive C is SQ004710V01
Volume Serial Number is 7813-5D2F

Directory of C:\QooBox

12/12/2010 07:19 PM <DIR> .
12/12/2010 07:19 PM <DIR> ..
12/10/2010 04:34 PM 8,330 Add-Remove Programs.txt
12/12/2010 07:18 PM <DIR> BackEnv
12/10/2010 04:14 PM 493 CFScript_used_2010-12-10_16.18.02.txt
12/12/2010 07:15 PM 1,691 CFScript_used_2010-12-12_19.19.18.txt
12/10/2010 04:34 PM 25,151 ComboFix2.txt
12/09/2010 11:50 PM 20,817 ComboFix3.txt
12/12/2010 07:16 PM <DIR> LastRun
12/10/2010 04:18 PM <DIR> Quarantine
12/10/2010 04:33 PM 0 SnapShot@2010-12-10_21.29.08.dat
12/12/2010 07:16 PM <DIR> Test
12/12/2010 07:16 PM <DIR> TestC
6 File(s) 56,482 bytes

Directory of C:\QooBox\BackEnv

12/12/2010 07:18 PM <DIR> .
12/12/2010 07:18 PM <DIR> ..
12/12/2010 07:18 PM 136 AppData.folder.dat
12/12/2010 07:18 PM 241 Cache.folder.dat
12/12/2010 07:18 PM 73 Cookies.folder.dat
12/12/2010 07:18 PM 94 Desktop.folder.dat
12/12/2010 07:18 PM 134 Favorites.folder.dat
12/12/2010 07:18 PM 71 History.folder.dat
12/12/2010 07:18 PM 112 LocalAppData.folder.dat
12/12/2010 07:18 PM 112 LocalSettings.folder.dat
12/12/2010 07:18 PM 62 Music.folder.dat
12/12/2010 07:18 PM 83 NetHood.folder.dat
12/12/2010 07:18 PM 100 Personal.folder.dat
12/12/2010 07:18 PM 97 Pictures.folder.dat
12/12/2010 07:18 PM 83 PrintHood.folder.dat
12/12/2010 07:18 PM 190 Profiles.Folder.dat
12/12/2010 07:18 PM 269 Profiles.Folder.folder.dat
12/12/2010 07:18 PM 370 Programs.folder.dat
12/12/2010 07:18 PM 72 Recent.folder.dat
12/12/2010 07:18 PM 72 SendTo.folder.dat
12/12/2010 07:18 PM 5,330 SetPath.bat
12/12/2010 07:18 PM 252 StartMenu.folder.dat
12/12/2010 07:18 PM 410 StartUp.folder.dat
12/12/2010 07:18 PM 829 SysPath.dat
12/12/2010 07:18 PM 248 Templates.folder.dat
12/12/2010 07:18 PM 2,160 VikPev00
24 File(s) 11,600 bytes

Directory of C:\QooBox\LastRun

12/12/2010 07:16 PM <DIR> .
12/12/2010 07:16 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine

12/10/2010 04:18 PM <DIR> .
12/10/2010 04:18 PM <DIR> ..
12/10/2010 04:24 PM <DIR> C
12/12/2010 07:19 PM 35,424 catchme.log
12/12/2010 07:19 PM 0 catchme.txt
12/10/2010 04:33 PM <DIR> Registry_backups
2 File(s) 35,424 bytes

Directory of C:\QooBox\Quarantine\C

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
12/10/2010 04:24 PM <DIR> Program Files
12/09/2010 11:41 PM <DIR> Users
12/09/2010 11:41 PM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
12/10/2010 04:24 PM <DIR> ESET
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
12/10/2010 04:29 PM <DIR> ESET Smart Security
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security

12/10/2010 04:29 PM <DIR> .
12/10/2010 04:29 PM <DIR> ..
12/10/2010 04:24 PM <DIR> Drivers
01/27/2010 06:27 PM 225 mod_comp.dat.vir
12/10/2010 04:28 PM <DIR> Mozilla Thunderbird
12/10/2010 04:27 PM 61,213 _callmsi_.exe.zip
12/10/2010 04:27 PM 137,800 _DMON_.dll.zip
12/10/2010 04:27 PM 240,023 _ecls_.exe.zip
12/10/2010 04:27 PM 43,526 _ecmd_.exe.zip
12/10/2010 04:27 PM 47,618 _eeclnt_.exe.zip
12/10/2010 04:27 PM 111,431 _eguiAmon_.dll.zip
12/10/2010 04:27 PM 83,067 _eguiDmon_.dll.zip
12/10/2010 04:27 PM 87,613 _eguiEmon_.dll.zip
12/10/2010 04:27 PM 694,581 _eguiEpfw_.dll.zip
12/10/2010 04:27 PM 82,300 _eguiMailPlugins_.dll.zip
12/10/2010 04:27 PM 593,443 _eguiProduct_.dll.zip
12/10/2010 04:27 PM 268,818 _eguiScan_.dll.zip
12/10/2010 04:27 PM 147,130 _eguiSmon_.dll.zip
12/10/2010 04:27 PM 205,187 _eguiUpdate_.dll.zip
12/10/2010 04:27 PM 1,930,800 _egui_.exe.zip
12/10/2010 04:27 PM 21,495 _EHttpSrv_.exe.zip
12/10/2010 04:27 PM 136,213 _ekrnAmon_.dll.zip
12/10/2010 04:27 PM 91,207 _ekrnDmon_.dll.zip
12/10/2010 04:27 PM 92,475 _ekrnEmon_.dll.zip
12/10/2010 04:27 PM 388,715 _ekrnEpfw_.dll.zip
12/10/2010 04:27 PM 93,298 _ekrnMailPlugins_.dll.zip
12/10/2010 04:27 PM 145,993 _ekrnScan_.dll.zip
12/10/2010 04:27 PM 4,810,473 _ekrnSmonEngine_.dll.zip
12/10/2010 04:27 PM 200,185 _ekrnSmon_.dll.zip
12/10/2010 04:27 PM 141,693 _ekrnUpdate_.dll.zip
12/10/2010 04:27 PM 671,136 _ekrn_.exe.zip
12/10/2010 04:27 PM 97,454 _em000_32_.dat.zip
12/10/2010 04:27 PM 834,652 _em001_32_.dat.zip
12/10/2010 04:27 PM 56,272,608 _em002_32_.dat.zip
12/10/2010 04:28 PM 917,794 _em003_32_.dat.zip
12/10/2010 04:28 PM 927,722 _em004_32_.dat.zip
12/10/2010 04:28 PM 100,612 _em005_32_.dat.zip
12/10/2010 04:28 PM 147,386 _em006_32_.dat.zip
12/10/2010 04:28 PM 444,844 _em008_32_.dat.zip
12/10/2010 04:28 PM 2,049,356 _em009_32_.dat.zip
12/10/2010 04:28 PM 356,072 _em010_32_.dat.zip
12/10/2010 04:28 PM 76,216 _em013_32_.dat.zip
12/10/2010 04:28 PM 12,993 _eplgHooks_.dll.zip
12/10/2010 04:28 PM 193,056 _eplgOEEmon_.dll.zip
12/10/2010 04:28 PM 260,444 _eplgOESmon_.dll.zip
12/10/2010 04:28 PM 348,307 _eplgOE_.dll.zip
12/10/2010 04:28 PM 156,631 _eplgOutlookEmon_.dll.zip
12/10/2010 04:28 PM 296,508 _eplgOutlookSmon_.dll.zip
12/10/2010 04:28 PM 263,918 _eplgOutlook_.dll.zip
12/10/2010 04:28 PM 197,420 _eplgTbEmon_.dll.zip
12/10/2010 04:28 PM 280,434 _eplgTbSmon_.dll.zip
12/10/2010 04:28 PM 9,034,692 _eset_.chm.zip
12/10/2010 04:28 PM 16,214 _eula_.rtf.zip
12/10/2010 04:28 PM 70,296 _http_dll_.dll.zip
12/10/2010 04:28 PM 1,033,260 _mfc80u_.dll.zip
12/10/2010 04:28 PM 1,035,879 _mfc80_.dll.zip
12/10/2010 04:25 PM 750 _Microsoft.VC80.CRT_.manifest.zip
12/10/2010 04:25 PM 754 _Microsoft.VC80.MFCLOC_.manifest.zip
12/10/2010 04:25 PM 808 _Microsoft.VC80.MFC_.manifest.zip
12/10/2010 04:28 PM 297,748 _msvcp80_.dll.zip
12/10/2010 04:28 PM 636,322 _msvcr80_.dll.zip
12/10/2010 04:28 PM 226,076 _PPESET_.dll.zip
12/10/2010 04:28 PM 854 _PPEset_.inf.zip
12/10/2010 04:28 PM 177,593 _shellExt_.dll.zip
12/10/2010 04:29 PM 707,606 _SysInspector_.exe.zip
12/10/2010 04:29 PM 1,013,973 _SysRescue_.exe.zip
12/10/2010 04:29 PM 210,283 _updater_.dll.zip
63 File(s) 90,225,193 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
12/10/2010 04:24 PM <DIR> eamon
12/10/2010 04:24 PM <DIR> ehdrv
12/10/2010 04:24 PM <DIR> epfw
12/10/2010 04:24 PM <DIR> epfwndis
12/10/2010 04:24 PM <DIR> epfwwfp
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
02/06/2009 02:19 PM 7,225 eamon.cat.vir
02/06/2009 02:19 PM 1,523 eamon.inf.vir
02/06/2009 02:19 PM 113,448 eamon.sys.vir
3 File(s) 122,196 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
02/06/2009 02:23 PM 7,225 ehdrv.cat.vir
02/06/2009 02:19 PM 1,483 ehdrv.inf.vir
02/06/2009 02:23 PM 106,208 ehdrv.sys.vir
3 File(s) 114,916 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
02/06/2009 02:24 PM 7,225 epfw.cat.vir
02/06/2009 02:19 PM 1,493 epfw.inf.vir
02/06/2009 02:24 PM 130,952 epfw.sys.vir
3 File(s) 139,670 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
02/06/2009 02:24 PM 7,515 epfwndis.cat.vir
02/06/2009 02:19 PM 3,421 epfwndis.inf.vir
02/06/2009 02:24 PM 33,096 epfwndis.sys.vir
02/06/2009 02:19 PM 1,461 epfwnd_m.inf.vir
4 File(s) 45,493 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp

12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> ..
02/06/2009 02:24 PM 7,225 epfwwfp.cat.vir
02/06/2009 02:19 PM 1,506 EpfwWfp.inf.vir
02/06/2009 02:24 PM 38,240 EpfwWfp.sys.vir
3 File(s) 46,971 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

12/10/2010 04:28 PM <DIR> .
12/10/2010 04:28 PM <DIR> ..
07/11/2008 12:07 PM 29 chrome.manifest.vir
12/10/2010 04:28 PM <DIR> Components
12/10/2010 04:28 PM 924 _install_.rdf.zip
2 File(s) 953 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components

12/10/2010 04:28 PM <DIR> .
12/10/2010 04:28 PM <DIR> ..
12/10/2010 04:28 PM 310,231 _eplgTb_.dll.zip
12/10/2010 04:28 PM 1,162 _eplgTb_.xpt.zip
2 File(s) 311,393 bytes

Directory of C:\QooBox\Quarantine\C\Users

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> Default.Default-PC
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/10/2010 04:25 PM <DIR> Local
12/09/2010 11:41 PM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local

12/10/2010 04:25 PM <DIR> .
12/10/2010 04:25 PM <DIR> ..
12/08/2010 03:15 PM 0 Bcizusevihe.bin.vir
12/09/2010 11:41 PM <DIR> {3BAD1186-0B92-489D-A9A2-81E73CD607BC}
1 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> chrome
12/08/2010 03:15 PM 764 install.rdf.vir
1 File(s) 764 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Local\{3BAD1186-0B92-489D-A9A2-81E73CD607BC}\chrome\content

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/08/2010 03:15 PM 5,954 overlay.xul.vir
1 File(s) 5,954 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> Adobe
12/09/2010 11:41 PM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Adobe

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
03/08/2009 06:31 AM 45,568 AdobeUpdate .exe.vir
1 File(s) 45,568 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> Recent
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Recent

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
06/15/2010 06:41 PM 213 Half-Life 2.url.vir
1 File(s) 213 bytes

Directory of C:\QooBox\Quarantine\C\Windows

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
12/09/2010 11:41 PM <DIR> System32
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Windows\System32

12/09/2010 11:41 PM <DIR> .
12/09/2010 11:41 PM <DIR> ..
01/08/2010 05:54 PM 2,344 11478.exe.vir
01/08/2010 05:34 PM 2,344 15724.exe.vir
01/08/2010 04:14 PM 2,344 18467.exe.vir
01/08/2010 05:14 PM 2,344 19169.exe.vir
01/08/2010 06:55 PM 2,344 24464.exe.vir
01/08/2010 04:54 PM 2,344 26500.exe.vir
01/08/2010 06:35 PM 2,344 26962.exe.vir
01/08/2010 06:15 PM 2,344 29358.exe.vir
01/08/2010 07:15 PM 2,344 5705.exe.vir
01/08/2010 04:34 PM 2,344 6334.exe.vir
10 File(s) 23,440 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

12/10/2010 04:33 PM <DIR> .
12/10/2010 04:33 PM <DIR> ..
12/09/2010 11:49 PM 748 AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
12/09/2010 11:49 PM 160 HKLM-Run-HSON.reg.dat
12/09/2010 11:49 PM 161 HKLM-Run-TPwrMain.reg.dat
12/10/2010 04:23 PM 1,088 Legacy_EPFWWFP.reg.dat
12/09/2010 11:40 PM 1,114 Legacy__VOIDXXQIUVICII.reg.dat
12/09/2010 11:49 PM 892 MSConfigStartUp-00TCrdMain.reg.dat
12/09/2010 11:49 PM 856 MSConfigStartUp-diledevibe.reg.dat
12/09/2010 11:49 PM 978 MSConfigStartUp-Google Update.reg.dat
12/09/2010 11:49 PM 924 MSConfigStartUp-ITSecMng.reg.dat
12/09/2010 11:49 PM 926 MSConfigStartUp-mplay32xe.reg.dat
12/09/2010 11:49 PM 896 MSConfigStartUp-SmoothView.reg.dat
12/09/2010 11:49 PM 924 MSConfigStartUp-swg.reg.dat
12/09/2010 11:49 PM 810 MSConfigStartUp-TOSCDSPD.reg.dat
12/09/2010 11:49 PM 932 MSConfigStartUp-Your Protection.reg.dat
12/10/2010 04:24 PM 208 Service_EhttpSrv.reg.dat
12/10/2010 04:23 PM 1,470 Service_ekrn.reg.dat
12/10/2010 04:23 PM 1,212 Service_epfwwfp.reg.dat
12/09/2010 11:40 PM 1,764 Service_Ias.reg.dat
12/10/2010 04:23 PM 1,408 Service_monitor.reg.dat
12/09/2010 11:40 PM 1,264 Service__VOIDxxqiuvicii.reg.dat
12/10/2010 04:23 PM 4,955 tcpip.reg
21 File(s) 23,690 bytes

Directory of C:\QooBox\Test

12/12/2010 07:16 PM <DIR> .
12/12/2010 07:16 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\TestC

12/12/2010 07:16 PM <DIR> .
12/12/2010 07:16 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
151 File(s) 91,209,920 bytes
98 Dir(s) 36,799,885,312 bytes free
 
OK. Re-run Combofix with this code:

Code:
DEQUARANTINE::
C:\QooBox\Quarantine\C\Program Files
C:\QooBox\Quarantine\C\Program Files\ESET
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components
QUIT::


Save the above as CFScript.txt

Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif


Post the DeQuarantine.txt log, restart the computer and check on Eset.
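To show how the `dir /a /s` listing posted above maps onto the DEQUARANTINE:: script in this post, here is an added Python example (not from the thread, and not ComboFix's own code) that parses the collapsed listing layout, selects every listed directory under one quarantined subtree, renders the CFScript, and reports what the script leaves in quarantine. The listing it runs on is a constructed excerpt, and the function names are this example's own assumptions; the DEQUARANTINE:: and QUIT:: directives are the ones used in the post.

```python
# Parse the collapsed `dir /a /s C:\QooBox` layout shown in the thread and
# derive a ComboFix DEQUARANTINE:: script for one quarantined subtree.
import re
from collections import OrderedDict

# "Directory of <path>" headers and "<date> <time> <AM|PM> <size|<DIR>> <name>" entries.
DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)
# ComboFix stores quarantined files as <name>.vir or zipped as _<name>_.<ext>.zip.
QUARANTINE_SUFFIXES = (".vir", ".zip")

def parse_dir_listing(text):
    """Map each listed directory to its entries as (name, is_dir, size_bytes)."""
    tree, current = OrderedDict(), None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1)
            tree.setdefault(current, [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            kind, name = entry.groups()
            if name in (".", ".."):
                continue
            size = 0 if kind == "<DIR>" else int(kind.replace(",", ""))
            tree[current].append((name, kind == "<DIR>", size))
    return tree

def _under(path, prefix):
    """Case-insensitive 'path is prefix or lies below it' test for Windows paths."""
    p, q = path.lower().rstrip("\\"), prefix.lower().rstrip("\\")
    return p == q or p.startswith(q + "\\")

def quarantined_files(tree, directory):
    """(name, size) of quarantined files directly inside one listed directory."""
    return [(n, s) for n, is_dir, s in tree.get(directory, [])
            if not is_dir and n.lower().endswith(QUARANTINE_SUFFIXES)]

def select_dequarantine_dirs(tree, quarantine_root, subtree):
    """Every listed directory at or below <root>\\<subtree>, in listing order, so
    the empty parents go in too: DEQUARANTINE:: takes directories, not files."""
    target = quarantine_root.rstrip("\\") + "\\" + subtree.strip("\\")
    return [d for d in tree if _under(d, target)]

def build_cfscript(dirs):
    """Render the DEQUARANTINE:: ... QUIT:: text to save as CFScript.txt."""
    return "\n".join(["DEQUARANTINE::", *dirs, "QUIT::"]) + "\n"

def restored_files(tree, dirs):
    """Full quarantine paths and sizes the script would put back."""
    return [(d + "\\" + n, s) for d in dirs for n, s in quarantined_files(tree, d)]

def still_quarantined(tree, quarantine_root, dirs):
    """Quarantined files the script leaves alone (e.g. the System32 droppers)."""
    chosen = {d.lower() for d in dirs}
    return [d + "\\" + n for d in tree
            if _under(d, quarantine_root) and d.lower() not in chosen
            for n, _ in quarantined_files(tree, d)]

# Constructed excerpt in the thread's collapsed `dir /a /s` layout (not the real log).
SAMPLE_LISTING = r""" Directory of C:\QooBox\Quarantine\C
12/10/2010 04:24 PM <DIR> .
12/10/2010 04:24 PM <DIR> Program Files
12/09/2010 11:41 PM <DIR> Windows
0 File(s) 0 bytes
 Directory of C:\QooBox\Quarantine\C\Program Files
12/10/2010 04:24 PM <DIR> ESET
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET
12/10/2010 04:29 PM <DIR> ESET Smart Security
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security
12/10/2010 04:24 PM <DIR> Drivers
01/27/2010 06:27 PM 225 mod_comp.dat.vir
12/10/2010 04:27 PM 1,930,800 _egui_.exe.zip
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers
12/10/2010 04:24 PM <DIR> eamon
 Directory of C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon
02/06/2009 02:19 PM 113,448 eamon.sys.vir
 Directory of C:\QooBox\Quarantine\C\Windows\System32
01/08/2010 05:54 PM 2,344 11478.exe.vir"""
QUARANTINE_ROOT = r"C:\QooBox\Quarantine\C"

def demo(listing=SAMPLE_LISTING, subtree=r"Program Files"):
    """Select the whole quarantined Program Files subtree, as the post above does."""
    tree = parse_dir_listing(listing)
    dirs = select_dequarantine_dirs(tree, QUARANTINE_ROOT, subtree)
    return (dirs, build_cfscript(dirs), restored_files(tree, dirs),
            still_quarantined(tree, QUARANTINE_ROOT, dirs))

if __name__ == "__main__":
    dirs, script, restored, left = demo()
    print(script)
    print("restored:", sum(s for _, s in restored), "bytes in", len(restored), "files")
    print("left in quarantine:", *left, sep="\n  ")
```

Run it against the real listing by feeding the saved log.txt text to `demo()`; anything still reported as left in quarantine is what the script deliberately does not restore.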
 
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\mod_comp.dat -> C:\Program Files\ESET\ESET Smart Security\mod_comp.dat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_callmsi_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_DMON_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_DMON_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ecls_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ecls_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ecmd_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ecmd_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eeclnt_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_eeclnt_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiAmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiAmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiDmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiDmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiEmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiEpfw_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiEpfw_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiMailPlugins_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiMailPlugins_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiProduct_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiProduct_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiScan_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiScan_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiSmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eguiUpdate_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eguiUpdate_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_egui_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_egui_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_EHttpSrv_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_EHttpSrv_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnAmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnAmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnDmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnDmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnEmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnEpfw_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnEpfw_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnMailPlugins_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnMailPlugins_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnScan_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnScan_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnSmonEngine_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnSmonEngine_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnSmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrnUpdate_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrnUpdate_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_ekrn_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_ekrn_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em000_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em000_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em001_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em001_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em002_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em002_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em003_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em003_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em004_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em004_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em005_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em005_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em006_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em006_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em008_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em008_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em009_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em009_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em010_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em010_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_em013_32_.dat.zip -> C:\Program Files\ESET\ESET Smart Security\_em013_32_.dat.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgHooks_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgHooks_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOEEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOEEmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOESmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOESmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOE_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOE_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlookEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlookEmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlookSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlookSmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgOutlook_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgOutlook_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgTbEmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgTbEmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eplgTbSmon_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_eplgTbSmon_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eset_.chm.zip -> C:\Program Files\ESET\ESET Smart Security\_eset_.chm.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_eula_.rtf.zip -> C:\Program Files\ESET\ESET Smart Security\_eula_.rtf.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_http_dll_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_http_dll_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_mfc80u_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_mfc80u_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_mfc80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_mfc80_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.CRT_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.CRT_.manifest.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFCLOC_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFCLOC_.manifest.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFC_.manifest.zip -> C:\Program Files\ESET\ESET Smart Security\_Microsoft.VC80.MFC_.manifest.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_msvcp80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_msvcp80_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_msvcr80_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_msvcr80_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_PPESET_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_PPESET_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_PPEset_.inf.zip -> C:\Program Files\ESET\ESET Smart Security\_PPEset_.inf.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_shellExt_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_shellExt_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_SysInspector_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_SysInspector_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_SysRescue_.exe.zip -> C:\Program Files\ESET\ESET Smart Security\_SysRescue_.exe.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\_updater_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\_updater_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.cat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\eamon\eamon.sys
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys -> C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\_install_.rdf.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\_install_.rdf.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.dll.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.dll.zip
C:\QooBox\Quarantine\C\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.xpt.zip -> C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\_eplgTb_.xpt.zip
83 File(s) copied
 
Still getting "insufficient privileges" error. I still can't download anything either, maybe it's related to ComboFix since I haven't been able to download anything on this machine since the first time I ran ComboFix
 