TechSpot

Search Engine Redirecting

By LozzaLay
Nov 11, 2010
  1. Hi,

    When I tried to use Google the other day, I found that every time I clicked on a link I would be redirected to somewhere else. I tried sites that I had previously gone to, and I got redirected somewhere else.

    I ran a MBAM scan, but it said that it found nothing. Here's the log:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    11/11/2010 8:21:53 PM
    mbam-log-2010-11-11 (20-21-53).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 242031
    Time elapsed: 1 hour(s), 50 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I've also tried a scan with a Spybot program, and ESET, but they didn't pick up anything either. Can somebody please help me? I don't know what I should do.

    Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Step 3: MBAM

    Hey,

    Thanks for the fast response. Ok, I've started following the steps and here is the latest MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/11/2010 5:10:02 PM
    mbam-log-2010-11-12 (17-10-02).txt

    Scan type: Quick scan
    Objects scanned: 120655
    Time elapsed: 11 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I'll keep following the steps and post the other logs when they're done.
     
  4. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Reply 4: GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-13 00:14:47
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925082 rev.3.AA
    Running: ti19lsjl.exe; Driver: C:\Users\Lauren\AppData\Local\Temp\axddikoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8FF99118 ZwAlertResumeThread
    SSDT 87B22060 ZwAlertThread
    SSDT 8FFB1110 ZwAllocateVirtualMemory
    SSDT 87B817D8 ZwAlpcConnectPort
    SSDT 908F9068 ZwAssignProcessToJobObject
    SSDT 908F8448 ZwCreateMutant
    SSDT 908FB0B8 ZwCreateSymbolicLinkObject
    SSDT 91DFDC00 ZwCreateThread
    SSDT 908E11A8 ZwDebugActiveProcess
    SSDT 8FF50F00 ZwDuplicateObject
    SSDT 8FFB4110 ZwFreeVirtualMemory
    SSDT 908F1108 ZwImpersonateAnonymousToken
    SSDT 908D3108 ZwImpersonateThread
    SSDT 87B22028 ZwLoadDriver
    SSDT 91FBDBD8 ZwMapViewOfSection
    SSDT 8FFB8118 ZwOpenEvent
    SSDT 908E6AD8 ZwOpenProcess
    SSDT 908BF120 ZwOpenProcessToken
    SSDT 8FF9E118 ZwOpenSection
    SSDT 91FBD490 ZwOpenThread
    SSDT 908FBB20 ZwProtectVirtualMemory
    SSDT 91DECD58 ZwResumeThread
    SSDT 8FFF0450 ZwSetContextThread
    SSDT 908B9E00 ZwSetInformationProcess
    SSDT 8FF3FCB0 ZwSetSystemInformation
    SSDT 8FFBB678 ZwSuspendProcess
    SSDT 8FF53F70 ZwSuspendThread
    SSDT 8FE21DD8 ZwTerminateProcess
    SSDT 91FFF710 ZwTerminateThread
    SSDT 8FFE1D58 ZwUnmapViewOfSection
    SSDT 8FFB3110 ZwWriteVirtualMemory
    SSDT 908FB4D8 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 822EA880 8 Bytes [18, 91, F9, 8F, 60, 20, B2, ...] {SBB [ECX+0x20608ff9], DL; MOV DL, 0x87}
    .text ntkrnlpa.exe!KeSetEvent + 131 822EA894 4 Bytes [10, 11, FB, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 13D 822EA8A0 4 Bytes [D8, 17, B8, 87]
    .text ntkrnlpa.exe!KeSetEvent + 191 822EA8F4 4 Bytes [68, 90, 8F, 90]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 822EA958 4 Bytes [48, 84, 8F, 90]
    .text ...
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E602340, 0x3D7A87, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[3308] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7634B37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7394A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73928395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [738FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7397CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7391C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001167ccc5e7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef@0023d700293b 0x53 0x92 0x5B 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef@00131771d3e5 0xD8 0xE3 0x1B 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001167ccc5e7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef@0023d700293b 0x53 0x92 0x5B 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef@00131771d3e5 0xD8 0xE3 0x1B 0xB1 ...

    ---- EOF - GMER 1.0.15 ----
     
  5. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Step 5: DDS

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Lauren at 0:19:13.76 on Sat 13/11/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1244 [GMT 10:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\PLFSetI.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Lauren\Program Files\DNA\btdna.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    E:\stuff\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.jcu.edu.au/
    mStart Page = hxxp://en.au.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.au.acer.yahoo.com
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [EPSON TX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiedp.exe /fu "c:\windows\temp\E_S29A0.tmp" /EF "HKCU"
    uRun: [BitTorrent DNA] "c:\users\lauren\program files\dna\btdna.exe"
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    uRun: [tuzwtuog] rundll32 "c:\windows\system32\trkwksz.dll",Xipgnwxyr
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://people.eku.edu/ritchisong/birdrespiration.html"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [eRecoveryService]
    mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Skytel] Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\lauren\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
    LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

    ============= SERVICES / DRIVERS ===============

    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-7-13 43184]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-3 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-3 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101111.001\IDSvix86.sys [2010-10-20 353840]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-15 24576]
    R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-7-13 3435008]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
    R2 PenCommService;Livescribe Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-10-18 457728]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-11 1153368]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-15 81296]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-15 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-21 43552]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-3 48688]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-10 38224]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-5-24 20480]

    =============== Created Last 30 ================

    2010-11-11 08:22:29 -------- d-----r- c:\program files\Norton Support
    2010-11-09 08:04:38 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{48b1c0b1-2fe5-4b04-bd7d-d2b03ee5fc13}\mpengine.dll
    2010-11-07 07:44:36 109056 --sha-r- c:\windows\system32\trkwksz.dll
    2010-10-30 02:19:42 -------- d-----w- c:\progra~2\Livescribe
    2010-10-30 02:09:15 -------- d-----w- c:\users\lauren\appdata\roaming\Temp
    2010-10-28 13:28:37 -------- d-----w- c:\users\lauren\appdata\local\Livescribe
    2010-10-28 13:28:32 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-10-28 13:28:32 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-10-28 13:20:17 -------- d-----w- c:\program files\common files\Livescribe
    2010-10-28 13:20:01 -------- d-----w- c:\progra~2\Livescribe, Inc
    2010-10-28 13:16:21 -------- d-----w- c:\users\lauren\appdata\roaming\Downloaded Installations
    2010-10-27 04:58:16 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-27 04:26:35 -------- d-----w- c:\users\lauren\appdata\roaming\FileOpen
    2010-10-27 04:26:35 -------- d-----w- c:\progra~2\FileOpen
    2010-10-27 04:26:06 -------- d-----w- c:\program files\FileOpen
    2010-10-27 03:30:47 -------- d-----w- c:\program files\Audacity
    2010-10-16 03:18:04 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-16 03:18:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-16 03:16:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 03:16:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 03:16:43 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 03:16:42 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 03:16:39 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-16 03:16:08 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-16 03:16:00 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-16 03:16:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-16 03:14:50 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-16 03:14:45 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-16 03:14:41 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 03:14:34 531968 ----a-w- c:\windows\system32\comctl32.dll

    ==================== Find3M ====================

    2010-11-11 12:20:14 952 --sha-w- c:\progra~2\KGyGaAvL.sys
    2010-10-19 01:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-14 18:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-10 07:39:54 14228264 ----a-w- c:\program files\iTunes.exe

    ============= FINISH: 0:20:13.13 ===============
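    Added example (editor's note, not part of the thread and not Broni's or TechSpot's tooling): two lines in the DDS log above are the ones an analyst would look at first for a "search results redirect" complaint. `uInternet Settings,ProxyServer = http=127.0.0.1:5555` means Internet Explorer sends all HTTP through a listener on the local machine, which is exactly where page content and search results can be rewritten; and `uRun: [tuzwtuog] rundll32 "c:\windows\system32\trkwksz.dll",Xipgnwxyr` is a per-user Run key that loads a DLL which, per the "Created Last 30" section, appeared on 2010-11-07 with hidden+system+read-only attributes. The script below parses those DDS sections and scores Run entries by cross-referencing them against recently created hidden/system files. The regexes, weights, threshold and the vowel-ratio heuristic are my own assumptions, and the sample input is a constructed subset of the posted log with one benign vendor entry (NvCplDaemon) and one patched system file added for contrast.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in this thread (the
# "Pseudo HJT Report" and "Created Last 30" sections) plus one vendor Run entry
# and one patched system file that should NOT be flagged.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uRun: [BitTorrent DNA] "c:\users\lauren\program files\dna\btdna.exe"
uRun: [tuzwtuog] rundll32 "c:\windows\system32\trkwksz.dll",Xipgnwxyr
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
2010-11-07 07:44:36 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-16 03:16:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
"""

# Assumed line shapes, derived from the log above (DDS has no formal grammar).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<val>.+)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# File lines: "<date> <time> <size> <8-char attribute string> <path>"
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attr>\S{8})\s+(?P<path>.+)$")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class RunFinding:
    key: str        # name inside the [...] brackets of the Run entry
    dll: str        # DLL handed to rundll32 (lower-cased)
    export: str     # export name after the comma
    score: int
    reasons: list


def loopback_proxies(text):
    """Return (host, port) pairs for every ProxyServer entry that points at the local host."""
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("val").split(";"):      # "http=127.0.0.1:5555" or "host:port"
            host, _, port = entry.split("=")[-1].strip().rpartition(":")
            if host.lower() in LOOPBACK and port.isdigit():
                hits.append((host, int(port)))
    return hits


def hidden_system_files(text):
    """Map path -> attribute string for files whose attributes include both hidden and system."""
    files = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and "h" in m.group("attr") and "s" in m.group("attr"):
            files[m.group("path").strip().lower()] = m.group("attr")
    return files


def vowel_ratio(s):
    """Crude randomness heuristic: fraction of letters that are vowels (1.0 if no letters)."""
    letters = [c for c in s.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 1.0


def suspicious_run_entries(text, threshold=3):
    """Score Run/RunOnce entries that load a DLL via rundll32; return those at or above threshold."""
    hidden = hidden_system_files(text)
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        d = RUNDLL_RE.search(m.group("cmd"))
        if not d:
            continue
        dll = d.group("dll").strip().lower()
        base = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]          # e.g. "trkwksz"
        key = m.group("name").lower().replace(" ", "")
        score, reasons = 0, []
        if dll in hidden:                 # strongest signal: a recently created hidden+system DLL
            score += 3
            reasons.append(f"DLL was created recently with attributes {hidden[dll]}")
        if m.group("hive").lower() == "u" and "\\system32\\" in dll:
            score += 1
            reasons.append("per-user Run key loads a DLL from system32")
        if base[:4] not in key and key[:4] not in base:
            score += 1
            reasons.append("Run key name is unrelated to the DLL name")
        if vowel_ratio(d.group("export")) < 0.2:
            score += 1
            reasons.append(f"export name {d.group('export')!r} looks machine-generated")
        if score >= threshold:
            findings.append(RunFinding(m.group("name"), dll, d.group("export"), score, reasons))
    return findings


def triage(text):
    """Combine both checks into one summary dict."""
    return {"loopback_proxies": loopback_proxies(text),
            "suspicious_run_entries": suspicious_run_entries(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for host, port in result["loopback_proxies"]:
        print(f"[!] IE proxy points at {host}:{port} -- traffic can be rewritten locally")
    for f in result["suspicious_run_entries"]:
        print(f"[!] {f.key}: rundll32 {f.dll},{f.export} (score {f.score})")
        for r in f.reasons:
            print(f"      - {r}")
```

    A loopback proxy is an indicator, not a verdict: local filtering proxies and debugging tools (Privoxy, Fiddler) set the same key legitimately, so the next step on the affected machine is to identify what owns the listener (`netstat -ano | findstr :5555`, then `tasklist /fi "PID eq <pid>"`) and to read the two settings directly with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer` and `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`. The hidden/system cross-reference carries most of the score on purpose; the name and vowel heuristics only break ties, since vendor entries such as NvStartup have odd-looking names too.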
     
  6. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Step 5: DDS - Attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13/07/2008 2:52:44 PM
    System Uptime: 11/12/2010 8:40:59 PM (-692 hours ago)

    Motherboard: Acer, Inc. | | Monserrat
    Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | U2E1 | 800/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 111 GiB total, 56.662 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 13.949 GiB free.
    E: is FIXED (NTFS) - 111 GiB total, 74.135 GiB free.
    F: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    2007 Microsoft Office system
    AAC Decoder
    ABBYY FineReader 6.0 Sprint
    AC3Filter (remove only)
    Acer Bio Protection
    Acer Crystal Eye Webcam 2.0.8
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePower Management
    Acer eRecovery Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.6
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AuthenTec Fingerprint Sensor Minimum Install
    AutoUpdate
    Beatles Mad Day Screensaver
    BitTorrent
    Bonjour
    Broadcom Gigabit Integrated Controller
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    DC++ 0.7091
    DivX Codec
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DNA
    EndNote X2
    Epson Easy Photo Print 2
    EPSON Scan
    EPSON Stylus SX100_TX100 Manual
    EPSON TX100 Series Printer Uninstall
    FileOpen Client
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GearDrvs
    H.264 Decoder
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    ISI ResearchSoft - Export Helper
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    JMicron JMB38X Flash Media Controller
    KIMI RÄIKKÖNEN Screen Saver
    LAME v3.98.2 for Audacity
    Launch Manager
    LightScribe 1.4.142.1
    Livescribe Desktop
    Livescribe Desktop Documentation
    Livescribe Desktop Print Your Own Paper
    Livescribe Desktop Vision Objects Elements
    Livescribe Smartpen Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    MKV Splitter
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NTI Shadow
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    QuickTime
    Realtek High Definition Audio Driver
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 0.9.9
    WIDCOMM Bluetooth Software 6.0.1.6300
    Windows Driver Package - Livescribe (PulseUsb) DigitalPen (07/22/2009 2.1.6.0)
    Windows Driver Package - Livescribe (PulseUsb) DigitalPen (08/03/2010 2.2.6.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  7. Broni

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
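What a boot-sector check of this kind actually inspects, as an added example written for this thread (it is not MBRCheck's code and not part of the original post): the script below reads one 512-byte sector, verifies the 0x55AA signature, hashes the boot code and compares that hash with an allowlist the caller supplies, and sanity-checks the partition table. The 440-byte hash region, the allowlist, the constructed sample sector and all function names are this example's own assumptions; what MBRCheck itself hashes and which OEM boot codes it recognises are not stated on the page.

```python
"""Inspect a raw MBR sector the way a boot-sector checker does: verify the
0x55AA signature, hash the boot code, and sanity-check the partition table.
Added example for this thread; not MBRCheck's code. The 440-byte hash region
and the sample sector below are assumptions of this example."""
import hashlib
import struct
from typing import Dict, Iterable, List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (code before the disk signature)
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> Dict:
    """Split one 512-byte sector into signature check, boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    parts: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})   # the "at offset" figure a checker prints
    warnings: List[str] = []
    if sum(p["bootable"] for p in parts) > 1:
        warnings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            warnings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": parts,
        "warnings": warnings,
    }


def classify_mbr(sector: bytes, known_hashes: Iterable[str]) -> str:
    """'known' if the boot code matches an allowlisted hash, 'unknown' otherwise,
    'invalid' if the sector is not even a well-formed MBR."""
    info = parse_mbr(sector)
    if not info["signature_ok"] or info["warnings"]:
        return "invalid"
    return "known" if info["boot_code_sha1"] in set(known_hashes) else "unknown"


def build_sample_mbr(boot_code: bytes, entries: Iterable[Tuple[int, int, int, int]]) -> bytes:
    """Constructed test sector (not a real OEM MBR): filler boot code plus
    up to four (status, type, lba_start, sectors) partition entries."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3sB3sII", st, b"\x01\x01\x00", pt, b"\xfe\xff\xff", lba, n)
                     for st, pt, lba, n in entries)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + SIGNATURE


# Constructed sample: a few bytes of typical boot-sector prologue as filler code
# and one active NTFS (type 0x07) partition starting at LBA 2048.
FILLER_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
SAMPLE_MBR = build_sample_mbr(FILLER_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a disk image or a raw device such as \\\\.\\PhysicalDrive0 (needs admin)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("signature ok:", info["signature_ok"], "SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("  partition %d type 0x%02x at offset 0x%016x" % (p["index"], p["type"], p["byte_offset"]))
    print("verdict vs empty allowlist:", classify_mbr(SAMPLE_MBR, []))
```

Point `read_mbr` at a disk image, or at `\\.\PhysicalDrive0` from an elevated prompt, and pass the bytes to `classify_mbr` together with hashes taken from a known-clean machine of the same model. A result of 'unknown' means only that the boot code is not in your allowlist, not that it is malicious; 'invalid' is reserved for a sector that fails the structural checks (bad signature, two active partitions, overlapping entries).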
     
  8. LozzaLay

    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: TravelMate 7730G
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 170):
    0x8223E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8220B000 \SystemRoot\system32\hal.dll
    0x80402000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80479000 \SystemRoot\system32\PSHED.dll
    0x8048A000 \SystemRoot\system32\BOOTVID.dll
    0x80492000 \SystemRoot\system32\CLFS.SYS
    0x804D3000 \SystemRoot\system32\CI.dll
    0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80677000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80685000 \SystemRoot\system32\drivers\acpi.sys
    0x806CB000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D4000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806DC000 \SystemRoot\system32\drivers\pci.sys
    0x80703000 \SystemRoot\System32\drivers\partmgr.sys
    0x80712000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80715000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8071F000 \SystemRoot\system32\drivers\volmgr.sys
    0x8072E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80778000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x807A5000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807B5000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x8A204000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8A2D2000 \SystemRoot\system32\drivers\atapi.sys
    0x8A2DA000 \SystemRoot\system32\drivers\ataport.SYS
    0x8A2F8000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A32A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A33A000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x8A343000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
    0x8A392000 \SystemRoot\system32\Drivers\AlfaFF.sys
    0x8A404000 \SystemRoot\system32\Drivers\ksecdd.sys
    0x8A475000 \SystemRoot\system32\drivers\ndis.sys
    0x8A580000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A5AB000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A607000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A6F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A802000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A94B000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A953000 \SystemRoot\System32\Drivers\mup.sys
    0x8A962000 \SystemRoot\System32\drivers\ecache.sys
    0x8A989000 \SystemRoot\system32\drivers\disk.sys
    0x8A99A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8A9BB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A9D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A9DC000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A9E5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8A9E9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E602000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8ED1C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8EDBB000 \SystemRoot\System32\drivers\watchdog.sys
    0x8EDC7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A39B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8EDD2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F20C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F299000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x8F2AD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8F404000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x8F78B000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8F7C2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F7D5000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8F7DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F2D3000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F7EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F7EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F302000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F7F7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8F31A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F320000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F32F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F35E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F39F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F3AA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F3C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F3CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F3EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8EDE1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8A7DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8A7EF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F400000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x807BD000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8A9F2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x805B3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8A5E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F800000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8FA0E000 \SystemRoot\system32\drivers\portcls.sys
    0x8FA3B000 \SystemRoot\system32\drivers\drmk.sys
    0x8FA60000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8FA9E000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8FC05000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8FCBA000 \SystemRoot\system32\drivers\modem.sys
    0x8FCC7000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8FCD5000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x8FCF8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FD0F000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8FD30000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FD39000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FD40000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FD47000 \SystemRoot\System32\drivers\vga.sys
    0x8FD53000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FD74000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FD7C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FD84000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FD8F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FD9D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FDA6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FDBC000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
    0x8FBA1000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8FDF0000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
    0x8FBC6000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
    0x8FBDB000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90E09000 \SystemRoot\system32\drivers\afd.sys
    0x90E51000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90E83000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90E99000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x90EA2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90EB0000 \SystemRoot\System32\Drivers\StarOpen.SYS
    0x90EB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90EC9000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
    0x90ED3000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90F0F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90F19000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101111.001\IDSvix86.sys
    0x90F74000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x90FD2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x8A3D9000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91A02000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
    0x91A7D000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
    0x91ABF000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x91AFA000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91B07000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9C270000 \SystemRoot\System32\win32k.sys
    0x91BD5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x91BDF000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9C490000 \SystemRoot\System32\TSDDD.dll
    0x8A70C000 \SystemRoot\system32\drivers\luafv.sys
    0x9C4B0000 \SystemRoot\System32\cdd.dll
    0x8A727000 \SystemRoot\system32\drivers\spsys.sys
    0x91BEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA0808000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA0832000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA083C000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA084F000 \SystemRoot\system32\drivers\HTTP.sys
    0xA08BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA08D9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA08F2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0907000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA0928000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA0947000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA0980000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA0998000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA2202000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA2250000 \??\C:\Windows\system32\drivers\int15.sys
    0xA2261000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA2265000 \SystemRoot\system32\drivers\peauth.sys
    0xA2343000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0xA234C000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0xA235E000 \SystemRoot\system32\drivers\regi.sys
    0xA2360000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA236A000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA2376000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA237E000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
    0xAA364000 \??\C:\Users\Lauren\AppData\Local\Temp\axddikoc.sys
    0xAA3C0000 \??\C:\Users\Lauren\AppData\Local\Temp\mbr.sys
    0xAA200000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101112.002\NAVEX15.SYS
    0xAA34E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101112.002\NAVENG.SYS
    0xAA3DB000 \SystemRoot\system32\DRIVERS\sscdwh.sys
    0xAA3F8000 \SystemRoot\system32\DRIVERS\sscdcm.sys
    0xA23D1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x778A0000 \Windows\System32\ntdll.dll

    Processes (total 91):
    0 System Idle Process
    4 System
    484 C:\Windows\System32\smss.exe
    552 csrss.exe
    604 C:\Windows\System32\wininit.exe
    612 csrss.exe
    648 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    816 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\nvvsvc.exe
    884 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\audiodg.exe
    1116 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\SLsvc.exe
    1180 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\winlogon.exe
    1360 C:\Windows\System32\svchost.exe
    1548 C:\Windows\System32\rundll32.exe
    1620 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    1788 C:\Windows\System32\spoolsv.exe
    1828 C:\Windows\System32\svchost.exe
    2000 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2028 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    124 C:\Program Files\Bonjour\mDNSResponder.exe
    228 C:\Windows\System32\svchost.exe
    300 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    348 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    676 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1172 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    596 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    1868 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1916 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    280 C:\ACER\Mobility Center\MobilityService.exe
    2084 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    2140 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2160 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2236 C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    2292 C:\Windows\System32\svchost.exe
    2360 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2412 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2440 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2464 C:\Windows\System32\svchost.exe
    2508 C:\Windows\System32\svchost.exe
    2548 C:\Windows\System32\SearchIndexer.exe
    2584 C:\Windows\System32\drivers\XAudio.exe
    2748 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3112 unsecapp.exe
    3120 WmiPrvSE.exe
    3144 dllhost.exe
    3472 C:\Windows\System32\svchost.exe
    3844 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    2884 C:\Windows\System32\taskeng.exe
    1196 C:\Windows\System32\dwm.exe
    3308 C:\Windows\explorer.exe
    452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1400 C:\Windows\RtHDVCpl.exe
    1680 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3696 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3692 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    520 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2172 C:\Windows\PLFSetI.exe
    4388 C:\Windows\System32\rundll32.exe
    4412 C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
    4420 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    4456 C:\Program Files\iTunes\iTunesHelper.exe
    4472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4484 C:\Program Files\Windows Sidebar\sidebar.exe
    4560 C:\Program Files\Windows Sidebar\sidebar.exe
    4776 C:\Users\Lauren\Program Files\DNA\btdna.exe
    4832 C:\Windows\System32\wbem\unsecapp.exe
    4880 C:\Windows\System32\rundll32.exe
    4932 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    5032 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    5228 C:\Program Files\iPod\bin\iPodService.exe
    1204 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4188 C:\Program Files\Windows Mail\WinMail.exe
    5928 C:\Windows\System32\taskeng.exe
    4960 C:\Windows\System32\mobsync.exe
    2200 taskeng.exe
    2888 C:\Windows\System32\VSSVC.exe
    3832 C:\Windows\System32\svchost.exe
    5884 C:\Windows\System32\SearchProtocolHost.exe
    3244 C:\Windows\System32\SearchFilterHost.exe
    6032 dllhost.exe
    1068 dllhost.exe
    4536 E:\stuff\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001e`5c500000 (NTFS)

    PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA
    PhysicalDrive1 Model Number: ST9250827AS, Rev: 3.AAA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Acer MBR code detected
    SHA1: 32C70BE973F8E85AEDC1594C905FB8D402DF20D6
    232 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  9. Broni

    That looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
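ComboFix's report lists the files created in the last month (with an attribute string per file) and the registry loading points it found, and reading those two sections against each other is most of the triage. As an added example written for this thread, not ComboFix's code and not from the original post, the script below parses a constructed report fragment in that layout and scores each Run-key value on a few heuristics a helper would apply by eye: a value that launches a DLL rather than an executable, a short random-looking value name that shares nothing with the file name, a target carrying system+hidden attributes, and a target created shortly before the report. The DLL name, the value name, the dates and the score threshold in the sample are made up for the demonstration, and the reading of the 8-character attribute token is an assumption.

```python
"""Triage the Run-key entries of a ComboFix-style report against its
'Files Created' list. Added example for this thread: the heuristics are this
example's own, not ComboFix's, and the sample report below is constructed."""
import re
from datetime import date
from typing import Dict, List, Tuple

# "name"="target" [YYYY-MM-DD size], as printed under a [..\Run] key.
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
# created . modified size attrs path  (assumption: attrs is the 8-char token such
# as --sha-r-, and the letters 's' and 'h' in it mean system and hidden).
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+ (?P<size>\d+|-+) '
    r'(?P<attrs>\S{8}) (?P<path>.+)$')
SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')


def parse_report(text: str) -> Tuple[List[Dict], Dict[str, Dict]]:
    """Collect Run/RunOnce values and the created-files table (keyed by lowercase path)."""
    entries: List[Dict] = []
    files: Dict[str, Dict] = {}
    in_run = False
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            in_run = sec.group("key").lower().endswith(("\\run", "\\runonce"))
            continue
        m = RUN_ENTRY.match(line) if in_run else None
        if m:
            entries.append({"name": m["name"], "target": m["target"],
                            "date": date.fromisoformat(m["date"])})
            continue
        m = FILE_LINE.match(line)
        if m:
            files[m["path"].lower()] = {"attrs": m["attrs"],
                                        "created": date.fromisoformat(m["created"])}
    return entries, files


def _trigrams(s: str) -> set:
    s = re.sub(r"[^a-z]", "", s.lower())
    return {s[i:i + 3] for i in range(len(s) - 2)}


def score_entry(entry: Dict, files: Dict[str, Dict], report_date: date,
                window_days: int = 14) -> List[str]:
    """Return the reasons this autostart entry deserves a look (empty = nothing odd)."""
    reasons = []
    target = entry["target"].lower()
    basename = target.rsplit("\\", 1)[-1]
    stem = basename.rsplit(".", 1)[0]
    if basename.endswith(".dll"):
        reasons.append("Run value points at a DLL rather than an executable")
    # Heuristic: a short all-lowercase value name sharing no trigram with the file
    # stem looks like a random tag; legitimate entries usually echo the product name.
    if re.fullmatch(r"[a-z]{6,12}", entry["name"]) and not (_trigrams(entry["name"]) & _trigrams(stem)):
        reasons.append("value name looks like a random tag unrelated to the file name")
    info = files.get(target)
    if info:
        if "s" in info["attrs"] and "h" in info["attrs"]:
            reasons.append("file carries system+hidden attributes")
        age = (report_date - info["created"]).days
        if 0 <= age <= window_days:
            reasons.append("file was created %d days before the report" % age)
    return reasons


def triage(text: str, report_date: date, threshold: int = 2) -> List[Tuple[str, str, List[str]]]:
    """Entries with at least `threshold` reasons, as (name, target, reasons)."""
    entries, files = parse_report(text)
    hits = []
    for e in entries:
        reasons = score_entry(e, files, report_date)
        if len(reasons) >= threshold:
            hits.append((e["name"], e["target"], reasons))
    return hits


# Constructed fragment in the report's layout; the DLL, the value name and the dates are made up.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\hypothetical.dll
2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"hxqvlmwt"="c:\windows\system32\hypothetical.dll" [2010-11-07 109056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"""
REPORT_DATE = date(2010, 11, 13)   # the date from the report header, assumed here

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_REPORT, REPORT_DATE):
        print("%s -> %s" % (name, target))
        for r in reasons:
            print("   -", r)
```

Feed `triage` the text of a real C:\ComboFix.txt and the date from its first line. A hit is a lead to check (file hash, signer, what loads it), not a verdict: vendor tray utilities occasionally trip one heuristic, which is why the default threshold asks for two independent reasons before an entry is listed.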
     
  10. LozzaLay

    ComboFix

    ComboFix 10-11-12.01 - Lauren 13/11/2010 13:13:55.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1147 [GMT 10:00]
    Running from: e:\stuff\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
    .

    2010-11-13 03:27 . 2010-11-13 03:33 -------- d-----w- c:\users\Lauren\AppData\Local\temp
    2010-11-13 03:27 . 2010-11-13 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
    2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
    2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
    2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
    2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
    2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
    2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
    2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
    2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
    2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
    2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
    2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
    2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
    "tuzwtuog"="c:\windows\system32\trkwksz.dll" [2010-11-07 109056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "Skytel"="Skytel.exe" [2008-04-21 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
    R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
    R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
    R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
    S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
    S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
    S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.jcu.edu.au/
    mStart Page = hxxp://en.au.acer.yahoo.com
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-eRecoveryService - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-13 13:33
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62 524288 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3908)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\System32\NLSData0009.dll
    c:\windows\System32\SyncCenter.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-13 13:39:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-13 03:39

    Pre-Run: 60,728,655,872 bytes free
    Post-Run: 60,372,389,888 bytes free

    - - End Of File - - 358B4CF86461F6877D82AA42C6C58AD4
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    My instructions CLEARLY say to run Combofix from the desktop.
    Please move Combofix to the appropriate location.

    ========================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\trkwksz.dll
    c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62
    
    DDS::
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tuzwtuog"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  12. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Combo Fix

    ComboFix 10-11-12.01 - Lauren 14/11/2010 10:51:39.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1774 [GMT 10:00]
    Running from: C:\Users\Lauren\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Lauren\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\trkwksz.dll"
    "c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62"
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-14 01:04:07 . 2010-11-14 01:04:17 -------- d-----w- C:\Users\Lauren\AppData\Local\temp
    2010-11-14 01:04:07 . 2010-11-14 01:04:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2010-11-13 00:49:44 . 2010-10-07 23:21:31 6146896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
    2010-11-11 08:22:29 . 2010-11-11 08:22:30 -------- d-----r- C:\Program Files\Norton Support
    2010-11-11 06:33:15 . 2010-11-11 06:33:15 -------- d-----w- C:\Program Files\Common Files\Java
    2010-11-07 07:44:36 . 2010-11-07 07:44:36 109056 --sha-r- C:\Windows\system32\trkwksz.dll
    2010-10-30 02:19:42 . 2010-10-30 02:19:42 -------- d-----w- C:\ProgramData\Livescribe
    2010-10-28 13:28:37 . 2010-10-28 13:32:12 -------- d-----w- C:\Users\Lauren\AppData\Local\Livescribe
    2010-10-28 13:28:32 . 2009-07-14 17:45:07 445008 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
    2010-10-28 13:28:32 . 2009-07-14 17:45:07 38480 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
    2010-10-28 13:20:17 . 2010-10-30 02:19:41 -------- d-----w- C:\Program Files\Common Files\Livescribe
    2010-10-28 13:16:21 . 2010-10-28 13:16:21 -------- d-----w- C:\Users\Lauren\AppData\Roaming\Downloaded Installations
    2010-10-27 04:58:16 . 2010-10-27 04:58:16 -------- d-----w- C:\Program Files\Lame for Audacity
    2010-10-27 04:26:35 . 2010-10-27 04:26:40 -------- d-----w- C:\Users\Lauren\AppData\Roaming\FileOpen
    2010-10-27 04:26:35 . 2010-10-27 04:26:35 -------- d-----w- C:\ProgramData\FileOpen
    2010-10-27 04:26:06 . 2010-10-27 04:26:06 -------- d-----w- C:\Program Files\FileOpen
    2010-10-27 03:30:47 . 2010-10-27 03:30:49 -------- d-----w- C:\Program Files\Audacity
    2010-10-27 03:26:23 . 2010-10-27 03:26:23 -------- d-----w- C:\Users\Lauren\AppData\Roaming\Syntrillium
    2010-10-16 03:18:04 . 2010-09-13 13:56:02 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-10-16 03:18:02 . 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
    2010-10-16 03:16:46 . 2010-09-06 16:20:29 125952 ----a-w- C:\Windows\system32\srvsvc.dll
    2010-10-16 03:16:44 . 2010-09-06 13:45:19 102400 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2010-10-16 03:16:43 . 2010-09-06 13:45:38 304128 ----a-w- C:\Windows\system32\drivers\srv.sys
    2010-10-16 03:16:42 . 2010-09-06 13:45:22 145408 ----a-w- C:\Windows\system32\drivers\srv2.sys
    2010-10-16 03:16:39 . 2010-09-06 16:19:06 17920 ----a-w- C:\Windows\system32\netevent.dll
    2010-10-16 03:16:08 . 2010-08-10 15:53:15 274944 ----a-w- C:\Windows\system32\schannel.dll
    2010-10-16 03:16:00 . 2010-06-28 17:00:21 1316864 ----a-w- C:\Windows\system32\ole32.dll
    2010-10-16 03:16:00 . 2010-06-28 14:54:38 339968 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-16 03:14:50 . 2010-08-31 13:27:38 2038272 ----a-w- C:\Windows\system32\win32k.sys
    2010-10-16 03:14:45 . 2010-05-04 19:13:07 231424 ----a-w- C:\Windows\system32\msshsq.dll
    2010-10-16 03:14:41 . 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\system32\wmpmde.dll
    2010-10-16 03:14:34 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-11 12:20:14 . 2009-05-11 06:30:34 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2010-10-19 01:41:44 . 2010-02-21 16:40:44 222080 ------w- C:\Windows\system32\MpSigStub.exe
    2010-10-04 10:07:35 . 2010-10-04 10:07:28 9524240 ----a-w- C:\Users\Public\LDWin_Update_17_29661.exe
    2010-09-14 18:50:37 . 2010-05-31 01:29:45 472808 ----a-w- C:\Windows\system32\deployJava1.dll
    2010-09-08 01:17:46 . 2010-09-08 01:17:46 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17:46 . 2010-09-08 01:17:46 69632 ----a-w- C:\Windows\system32\QuickTime.qts
    2010-08-17 14:11:37 . 2010-09-15 01:47:06 128000 ----a-w- C:\Windows\system32\spoolsv.exe
    2008-09-10 07:39:54 . 2009-02-12 22:08:43 14228264 ----a-w- C:\Program Files\iTunes.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
    "BitTorrent DNA"="C:\Users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 09:19:04 323392]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 01:02:04 2356088]
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The log is incomplete.
    Please repost.
     
  14. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    That's all that there was in the text document. Do you want me to re-run ComboFix again?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please do.
    Make sure you include the script from my reply #11.
     
  16. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    ComboFix 10-11-12.01 - Lauren 14/11/2010 12:53:57.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1832 [GMT 10:00]
    Running from: c:\users\Lauren\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\trkwksz.dll"
    "c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62"
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-14 03:06 . 2010-11-14 03:06 -------- d-----w- c:\users\Lauren\AppData\Local\temp
    2010-11-14 03:06 . 2010-11-14 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
    2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
    2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
    2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
    2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
    2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
    2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
    2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
    2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
    2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
    2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
    2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
    2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "Skytel"="Skytel.exe" [2008-04-21 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
    R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
    R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
    R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
    S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
    S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.jcu.edu.au/
    mStart Page = hxxp://en.au.acer.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 13:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4924)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\System32\SysHook.dll
    c:\windows\System32\NLSLexicons0009.dll
    .
    Completion time: 2010-11-14 13:10:17
    ComboFix-quarantined-files.txt 2010-11-14 03:10
    ComboFix2.txt 2010-11-13 03:39

    Pre-Run: 63,457,038,336 bytes free
    Post-Run: 63,233,892,352 bytes free

    - - End Of File - - 95ECAED50634EC6978CDABC925A0E636
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\trkwksz.dll
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
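Both CFScripts in this thread (reply #11 and the one just above) were hand-built from the same indicators in LozzaLay's ComboFix logs: an HKCU Run value with a random name ("tuzwtuog") loading a DLL in system32 that was created inside the scan window with hidden and system attributes (--sha-r-); a hidden executable under c:\windows\TEMP reported by the catchme pass; IE proxy settings pointing at 127.0.0.1:5555, which puts every browser request through a local process; and, after the first pass, the DLL still on disk although its Run value and the proxy were gone, which is why a second File:: script was needed. As an added example, not code from the thread, from TechSpot or from the ComboFix tool, the Python below reads a ComboFix log, applies those rules, drafts a script in the same File::/DDS::/Registry:: layout, and compares two logs to show what survived a pass. The regexes, the flagging rules (in particular, a Run target is only flagged when it also appears in the Files Created list with s and h attributes, so a legitimate DLL such as NvCpl.dll in HKLM\Run is not) and the two trimmed sample logs are my assumptions, constructed from paths in the logs posted above.

```python
"""Triage a ComboFix log for the indicators Broni acted on above and draft the
matching CFScript. Added example, not code from the thread or from ComboFix:
the parsing rules are assumptions modelled on the log layout posted above and
the two sample logs are constructed from paths in that log."""
import re
from dataclasses import dataclass, field

# Constructed "before" sample, trimmed to the lines the rules read.
BEFORE = r"""2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"tuzwtuog"="c:\windows\system32\trkwksz.dll" [2010-11-07 109056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
scanning hidden files ...
c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62 524288 bytes executable
scan completed successfully
"""
# Constructed "after" sample: Run value, proxy and temp file gone but the DLL
# still on disk, the situation reply #16 showed.
AFTER = r"""2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
scanning hidden files ...
scan completed successfully
"""

FILE_LINE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S{8}) (.+)$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]*)"')
PROXY_LINE = re.compile(r"^uInternet Settings,(Proxy\w+) = (.+)$")
CATCHME_LINE = re.compile(r"^([A-Za-z]:\\.+?) \d+ bytes\b")
HOST = re.compile(r"(?:^|[=;])([A-Za-z0-9.\-]+):\d+")  # hosts in "http=1.2.3.4:80;..."


@dataclass
class Findings:
    hidden_system_files: list = field(default_factory=list)  # new files with s+h attributes
    suspicious_run: list = field(default_factory=list)       # (key, value name, target)
    proxy_lines: list = field(default_factory=list)          # raw uInternet Settings lines
    catchme_hidden: list = field(default_factory=list)       # files catchme reported hidden


def is_loopback(proxy_value: str) -> bool:
    return any(h == "localhost" or h.startswith("127.") for h in HOST.findall(proxy_value))


def triage(log: str) -> Findings:
    f, created, key, proxy, in_catchme = Findings(), {}, None, [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("scanning hidden files"):
            in_catchme = True
        elif line.startswith("scan completed"):
            in_catchme = False
        elif in_catchme and (m := CATCHME_LINE.match(line)):
            f.catchme_hidden.append(m.group(1))
        elif m := FILE_LINE.match(line):
            attrs, path = m.group(4), m.group(5)
            created[path.lower()] = attrs
            # hidden+system on a new file is a lead, not a verdict: check the path
            if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
                f.hidden_system_files.append(path)
        elif m := KEY_LINE.match(line):
            key = m.group(1)
        elif key and key.lower().endswith(r"\run") and (m := RUN_LINE.match(line)):
            # Files Created precedes the Run keys in the log, so `created` is complete
            # here; a Run value loading a new hidden+system file is what Broni removed
            name, target = m.group(1), m.group(2)
            if all(c in created.get(target.lower(), "") for c in "sh"):
                f.suspicious_run.append((key, name, target))
        elif m := PROXY_LINE.match(line):
            proxy.append((m.group(1), m.group(2), line))
    # a loopback proxy routes the browser through a local process; reset all proxy lines
    if any(s == "ProxyServer" and is_loopback(v) for s, v, _ in proxy):
        f.proxy_lines = [raw for _, _, raw in proxy]
    return f


def build_cfscript(f: Findings) -> str:
    """Draft a CFScript in the layout used above (File::, DDS::, Registry::)."""
    files = f.hidden_system_files + [p for p in f.catchme_hidden if p not in f.hidden_system_files]
    out = ["File::", *files, ""] if files else []
    if f.proxy_lines:
        out += ["DDS::", *f.proxy_lines, ""]
    if f.suspicious_run:
        out.append("Registry::")
        for key, name, _ in f.suspicious_run:
            out += [f"[{key}]", f'"{name}"=-']
        out.append("")
    return "\n".join(out)


def persisting(before: Findings, after: Findings) -> list:
    """Files flagged in the earlier log that the later log still lists."""
    def flagged(x): return {p.lower() for p in x.hidden_system_files + x.catchme_hidden}
    return sorted(flagged(before) & flagged(after))


if __name__ == "__main__":
    first = triage(BEFORE)
    print(build_cfscript(first))
    print("still present after first pass:", persisting(first, triage(AFTER)))
```

Run as-is, it prints a script matching the one in reply #11 for the first sample and names trkwksz.dll as the file that persists into the second; on a real log, pass the whole file's text to triage(). The hidden-plus-system rule is a lead only, since some legitimate files carry the same attributes, so confirm every path before it goes into a File:: section.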
     
  18. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    ComboFix 10-11-12.01 - Lauren 14/11/2010 14:30:54.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1791 [GMT 10:00]
    Running from: c:\users\Lauren\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\trkwksz.dll"
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-14 04:44 . 2010-11-14 04:44 -------- d-----w- c:\users\Lauren\AppData\Local\temp
    2010-11-14 04:44 . 2010-11-14 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
    2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
    2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
    2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
    2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
    2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
    2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
    2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
    2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
    2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
    2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
    2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
    2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
    2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "Skytel"="Skytel.exe" [2008-04-21 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
    R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
    R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
    R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
    S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
    S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.jcu.edu.au/
    mStart Page = hxxp://en.au.acer.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 14:44
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2512)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\System32\SysHook.dll
    c:\windows\System32\NLSData0009.dll
    .
    Completion time: 2010-11-14 14:47:38
    ComboFix-quarantined-files.txt 2010-11-14 04:47
    ComboFix2.txt 2010-11-14 03:10
    ComboFix3.txt 2010-11-13 03:39

    Pre-Run: 63,361,454,080 bytes free
    Post-Run: 63,332,827,136 bytes free

    - - End Of File - - 30178DC94BBE94C512468DC0D283BCC1
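The file Broni is chasing shows up in the "Files Created" section above as a single line: created and modified at the same minute, attributes --sha-r- (system, hidden, read-only), sitting loose in system32 with no update batch around it. That combination is what a reviewer scans for by eye. The following script is an added example, not part of the thread and not ComboFix or TechSpot code: it parses lines in that layout and flags files under %WINDIR% on three heuristics of my own (system+hidden, hidden+read-only, and created == modified, since files installed by Windows Update carry a build-time modified stamp older than their creation stamp). The positional reading of the 8-character attribute field is inferred from the lines in this log, and the sample input is copied verbatim from the report above; false positives are expected, so treat the output as a triage list, not a verdict.

```python
"""Triage ComboFix "Files Created" lines for dropped files hiding in %WINDIR%.

Added example, not ComboFix code. Each report line has the shape
    <created> . <modified> <size> <attrs> <path>
where <size> is '--------' for directories and <attrs> is an 8-character
field read positionally (assumption inferred from the log lines above):
    pos 0 'd' directory, 2 's' system, 3 'h' hidden, 4 'a' archive,
    6 'r' read-only / 'w' writable.  The three heuristics below are mine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Files under these prefixes are held to a stricter standard (lower-case, like parsed paths).
WINDIR_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str                # lower-cased for comparisons

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def read_only(self) -> bool:
        return self.attrs[6] == "r"


def parse(report: str) -> List[Entry]:
    """Return one Entry per line that matches the ComboFix layout; skip everything else."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"].lower()))
    return entries


def reasons(e: Entry) -> List[str]:
    """Heuristic signals that a file in %WINDIR% was dropped rather than installed."""
    out: List[str] = []
    if e.is_dir or not e.path.startswith(WINDIR_PREFIXES):
        return out
    if e.system and e.hidden:
        out.append("system+hidden attributes on a loose file under %WINDIR%")
    if e.hidden and e.read_only:
        out.append("hidden+read-only: a self-protection pattern, not an update pattern")
    if e.created == e.modified:
        # Update payloads keep a build-time 'modified' stamp older than their
        # 'created' stamp; matching stamps mean the file was written fresh.
        out.append("created == modified (written in place, no build timestamp)")
    return out


def triage(report: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    hits: Dict[str, List[str]] = {}
    for e in parse(report):
        r = reasons(e)
        if r:
            hits[e.path] = r
    return hits


# Lines copied from the "Files Created" section of the ComboFix log above.
SAMPLE_LOG = r"""
2010-11-14 04:44 . 2010-11-14 04:44 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for w in why:
            print("   -", w)
```

Run against the sample, only c:\windows\system32\trkwksz.dll is reported, with all three reasons; the Windows Update files and the Defender engine pass because their modified stamps predate creation and they carry the ordinary ----a-w- attributes. The script only reads a pasted report, so it is safe to run on any machine; deciding what to do about a hit is still the job of the person driving ComboFix or TDSSKiller.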
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    For some reason, we can't get rid of that stubborn file.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  20. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    TDSSKiller log

    2010/11/15 11:53:00.0605 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/15 11:53:00.0605 ================================================================================
    2010/11/15 11:53:00.0605 SystemInfo:
    2010/11/15 11:53:00.0605
    2010/11/15 11:53:00.0605 OS Version: 6.0.6002 ServicePack: 2.0
    2010/11/15 11:53:00.0605 Product type: Workstation
    2010/11/15 11:53:00.0605 ComputerName: LAURENS-LAPTOP
    2010/11/15 11:53:00.0605 UserName: Lauren
    2010/11/15 11:53:00.0605 Windows directory: C:\Windows
    2010/11/15 11:53:00.0605 System windows directory: C:\Windows
    2010/11/15 11:53:00.0605 Processor architecture: Intel x86
    2010/11/15 11:53:00.0605 Number of processors: 2
    2010/11/15 11:53:00.0605 Page size: 0x1000
    2010/11/15 11:53:00.0605 Boot type: Normal boot
    2010/11/15 11:53:00.0605 ================================================================================
    2010/11/15 11:53:01.0978 Initialize success
    2010/11/15 11:53:04.0911 ================================================================================
    2010/11/15 11:53:04.0911 Scan started
    2010/11/15 11:53:04.0911 Mode: Manual;
    2010/11/15 11:53:04.0911 ================================================================================
    2010/11/15 11:53:05.0738 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/11/15 11:53:05.0909 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/11/15 11:53:06.0081 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/11/15 11:53:06.0252 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/11/15 11:53:06.0362 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/11/15 11:53:06.0596 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/11/15 11:53:06.0783 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/11/15 11:53:06.0908 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/11/15 11:53:07.0064 AlfaFF (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys
    2010/11/15 11:53:07.0235 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2010/11/15 11:53:07.0391 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/11/15 11:53:07.0516 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2010/11/15 11:53:07.0688 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/11/15 11:53:07.0859 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/11/15 11:53:08.0156 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/11/15 11:53:08.0327 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/11/15 11:53:08.0499 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/15 11:53:08.0592 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    2010/11/15 11:53:08.0717 ATSWPDRV (5e19f7b730c6a32e83174e2d6fee4389) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
    2010/11/15 11:53:08.0982 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2010/11/15 11:53:09.0248 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/11/15 11:53:09.0513 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys
    2010/11/15 11:53:09.0731 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/11/15 11:53:09.0996 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/15 11:53:10.0152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/11/15 11:53:10.0215 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/11/15 11:53:10.0371 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/11/15 11:53:10.0433 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/11/15 11:53:10.0480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/11/15 11:53:10.0527 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/11/15 11:53:10.0636 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/11/15 11:53:10.0745 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/11/15 11:53:10.0854 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/11/15 11:53:10.0979 BthPort (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2010/11/15 11:53:11.0120 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/11/15 11:53:11.0276 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
    2010/11/15 11:53:11.0447 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
    2010/11/15 11:53:11.0541 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/11/15 11:53:11.0962 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys
    2010/11/15 11:53:12.0118 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/15 11:53:12.0336 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/15 11:53:12.0461 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2010/11/15 11:53:12.0602 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/11/15 11:53:12.0804 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/15 11:53:12.0929 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2010/11/15 11:53:13.0070 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/15 11:53:13.0319 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/11/15 11:53:13.0444 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/11/15 11:53:13.0631 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/15 11:53:13.0818 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/11/15 11:53:13.0912 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    2010/11/15 11:53:14.0099 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/15 11:53:14.0208 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/15 11:53:14.0427 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/11/15 11:53:14.0676 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/11/15 11:53:14.0848 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/11/15 11:53:15.0066 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2010/11/15 11:53:15.0269 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/11/15 11:53:15.0472 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2010/11/15 11:53:15.0737 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/11/15 11:53:15.0924 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/11/15 11:53:16.0080 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/15 11:53:16.0205 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/15 11:53:16.0346 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/11/15 11:53:16.0439 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/15 11:53:16.0611 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/15 11:53:16.0736 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/15 11:53:16.0798 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/11/15 11:53:16.0923 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/15 11:53:17.0063 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/15 11:53:17.0235 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/15 11:53:17.0375 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/11/15 11:53:17.0453 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/11/15 11:53:17.0547 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/15 11:53:17.0640 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2010/11/15 11:53:17.0765 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/11/15 11:53:17.0937 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/11/15 11:53:18.0062 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/11/15 11:53:18.0171 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/11/15 11:53:18.0280 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2010/11/15 11:53:18.0374 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/15 11:53:18.0561 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/11/15 11:53:18.0639 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2010/11/15 11:53:18.0842 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys
    2010/11/15 11:53:19.0029 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/11/15 11:53:19.0107 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
    2010/11/15 11:53:19.0310 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
    2010/11/15 11:53:19.0450 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/11/15 11:53:19.0528 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/15 11:53:19.0653 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/15 11:53:19.0746 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2010/11/15 11:53:19.0793 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/11/15 11:53:19.0887 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/11/15 11:53:19.0965 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2010/11/15 11:53:20.0043 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/15 11:53:20.0090 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/11/15 11:53:20.0199 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/11/15 11:53:20.0324 JMCR (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys
    2010/11/15 11:53:20.0355 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/15 11:53:20.0464 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    2010/11/15 11:53:20.0651 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/15 11:53:20.0870 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/15 11:53:20.0994 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2010/11/15 11:53:21.0104 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2010/11/15 11:53:21.0228 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/11/15 11:53:21.0306 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/11/15 11:53:21.0416 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
    2010/11/15 11:53:21.0634 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/11/15 11:53:21.0728 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2010/11/15 11:53:21.0899 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2010/11/15 11:53:22.0008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/11/15 11:53:22.0118 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/15 11:53:22.0227 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/15 11:53:22.0398 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
    2010/11/15 11:53:22.0476 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/15 11:53:22.0648 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2010/11/15 11:53:22.0726 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/15 11:53:22.0804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/11/15 11:53:22.0898 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/15 11:53:23.0038 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/15 11:53:23.0116 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/15 11:53:23.0256 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/15 11:53:23.0366 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2010/11/15 11:53:23.0428 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2010/11/15 11:53:23.0522 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/11/15 11:53:23.0662 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/11/15 11:53:23.0818 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/15 11:53:23.0880 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/15 11:53:23.0990 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/15 11:53:24.0099 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/15 11:53:24.0239 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/15 11:53:24.0426 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/15 11:53:24.0536 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/11/15 11:53:24.0754 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/15 11:53:24.0926 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101114.003\NAVENG.SYS
    2010/11/15 11:53:25.0035 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101114.003\NAVEX15.SYS
    2010/11/15 11:53:25.0284 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/11/15 11:53:25.0409 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/15 11:53:25.0503 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/15 11:53:25.0612 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/15 11:53:25.0752 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/15 11:53:25.0815 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/15 11:53:25.0908 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/15 11:53:26.0220 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
    2010/11/15 11:53:26.0392 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/11/15 11:53:26.0564 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/11/15 11:53:26.0642 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/15 11:53:26.0766 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/15 11:53:26.0954 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2010/11/15 11:53:27.0032 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/11/15 11:53:27.0188 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/11/15 11:53:27.0297 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
    2010/11/15 11:53:27.0640 nvlddmkm (0a19680ca54d262534f8a2f4cf79e271) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/11/15 11:53:27.0874 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2010/11/15 11:53:27.0968 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2010/11/15 11:53:28.0124 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2010/11/15 11:53:28.0342 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/11/15 11:53:28.0545 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/11/15 11:53:28.0670 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/11/15 11:53:28.0748 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/11/15 11:53:28.0857 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/11/15 11:53:28.0982 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2010/11/15 11:53:29.0091 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/11/15 11:53:29.0231 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/11/15 11:53:29.0512 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/15 11:53:29.0652 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2010/11/15 11:53:29.0808 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/15 11:53:29.0933 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
    2010/11/15 11:53:29.0996 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
    2010/11/15 11:53:30.0089 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
    2010/11/15 11:53:30.0261 PulseUsb (82749a87e49fdc46e6d1b9627507dd75) C:\Windows\system32\DRIVERS\PulseUsb.sys
    2010/11/15 11:53:30.0370 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2010/11/15 11:53:30.0557 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/15 11:53:30.0651 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/15 11:53:30.0713 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/15 11:53:30.0776 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/15 11:53:30.0900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/15 11:53:30.0978 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/15 11:53:31.0088 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/15 11:53:31.0181 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/15 11:53:31.0337 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/15 11:53:31.0493 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/15 11:53:31.0618 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/15 11:53:31.0743 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
    2010/11/15 11:53:31.0852 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2010/11/15 11:53:32.0039 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/15 11:53:32.0133 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/15 11:53:32.0351 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/11/15 11:53:32.0445 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/15 11:53:32.0585 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/11/15 11:53:32.0679 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/11/15 11:53:32.0757 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/11/15 11:53:32.0913 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/15 11:53:32.0975 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/11/15 11:53:33.0084 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/15 11:53:33.0225 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/15 11:53:33.0334 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2010/11/15 11:53:33.0459 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2010/11/15 11:53:33.0584 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2010/11/15 11:53:34.0005 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/15 11:53:34.0208 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/11/15 11:53:34.0535 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS
    2010/11/15 11:53:34.0785 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS
    2010/11/15 11:53:35.0003 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/15 11:53:35.0159 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/15 11:53:35.0424 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/15 11:53:35.0612 sscdbus (92b69020fc480219683d429dca068d71) C:\Windows\system32\DRIVERS\sscdbus.sys
    2010/11/15 11:53:35.0736 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    2010/11/15 11:53:35.0908 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\Windows\system32\DRIVERS\sscdmdm.sys
    2010/11/15 11:53:36.0142 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
    2010/11/15 11:53:36.0298 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/15 11:53:36.0392 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/11/15 11:53:36.0641 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS
    2010/11/15 11:53:36.0860 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2010/11/15 11:53:37.0094 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS
    2010/11/15 11:53:37.0265 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
    2010/11/15 11:53:37.0468 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
    2010/11/15 11:53:37.0718 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS
    2010/11/15 11:53:37.0874 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/11/15 11:53:37.0967 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/11/15 11:53:38.0139 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/11/15 11:53:38.0326 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/11/15 11:53:38.0482 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/15 11:53:38.0576 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/15 11:53:38.0716 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/15 11:53:38.0794 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/15 11:53:38.0872 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/15 11:53:38.0997 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/15 11:53:39.0122 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/15 11:53:39.0246 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/11/15 11:53:39.0309 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/15 11:53:39.0402 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2010/11/15 11:53:39.0558 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
    2010/11/15 11:53:39.0652 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/15 11:53:39.0824 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2010/11/15 11:53:39.0917 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2010/11/15 11:53:40.0058 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/11/15 11:53:40.0136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/11/15 11:53:40.0214 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/15 11:53:40.0401 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2010/11/15 11:53:40.0541 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/15 11:53:40.0635 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/11/15 11:53:40.0728 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/15 11:53:40.0838 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/15 11:53:40.0931 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/11/15 11:53:41.0087 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/15 11:53:41.0212 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/11/15 11:53:41.0337 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/15 11:53:41.0430 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/15 11:53:41.0571 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/11/15 11:53:41.0742 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/15 11:53:41.0820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/11/15 11:53:41.0914 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2010/11/15 11:53:42.0039 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2010/11/15 11:53:42.0164 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2010/11/15 11:53:42.0257 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/11/15 11:53:42.0398 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/15 11:53:42.0507 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/11/15 11:53:42.0647 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2010/11/15 11:53:42.0741 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/11/15 11:53:42.0897 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/15 11:53:42.0975 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/15 11:53:43.0100 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2010/11/15 11:53:43.0224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/15 11:53:43.0474 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/11/15 11:53:43.0661 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/15 11:53:43.0880 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/11/15 11:53:44.0004 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/15 11:53:44.0192 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/15 11:53:44.0379 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/11/15 11:53:45.0190 ================================================================================
    2010/11/15 11:53:45.0190 Scan finished
    2010/11/15 11:53:45.0190 ================================================================================
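
The listing above is a flat record of every loaded driver with its MD5 and image path. As an added example (my own code, not part of the thread and not TDSSKiller's), here are the checks a practitioner would run over such a listing before calling it clean: drivers loaded from outside the standard driver folder, several service names sharing one image, and one hash appearing under several paths. The sample input is an excerpt of the posted log; `STANDARD_DIRS` is an assumption about where drivers normally live on this Vista system, and the output is a review list, not a verdict (Norton's NAVENG and SRTSP lines are legitimate drivers that land on it).

```python
"""Triage helpers for a TDSSKiller driver listing (added example, not part of the
TechSpot thread or of TDSSKiller). The sample lines below are an excerpt of the
log posted above; the checks are heuristics for a human to follow up, not verdicts."""
import re
from collections import defaultdict

# One entry per line: "<date> <time> <service name> (<md5>) <image path>"
DRIVER_LINE = re.compile(
    r"^\s*(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: where a kernel driver is ordinarily loaded from on this system.
# Anything else (vendor folders, ProgramData, a subfolder) is listed for review.
STANDARD_DIRS = {r"c:\windows\system32\drivers"}

# Excerpt of the posted log, including two trailer lines that must be ignored.
SAMPLE_LOG = r"""
2010/11/15 11:53:24.0926 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101114.003\NAVENG.SYS
2010/11/15 11:53:26.0766 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/15 11:53:34.0535 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/11/15 11:53:38.0326 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/15 11:53:38.0482 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/15 11:53:45.0190 ================================================================================
2010/11/15 11:53:45.0190 Scan finished
"""


def parse_driver_log(text):
    """Return one dict (ts, name, md5, path) per driver line; other lines are ignored."""
    return [m.groupdict() for m in map(DRIVER_LINE.match, text.splitlines()) if m]


def _norm(path):
    return path.replace("/", "\\").lower()


def loaded_outside_standard_dirs(entries):
    """Drivers whose image does not sit directly in the standard drivers folder."""
    return [e for e in entries if _norm(e["path"]).rpartition("\\")[0] not in STANDARD_DIRS]


def shared_images(entries):
    """Service names that load the same image (same md5 and path). Two names on one
    file is normal for Tcpip/Tcpip6 or Wanarp/Wanarpv6; an unfamiliar third name on
    a core driver is worth checking in the services key."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["md5"], _norm(e["path"]))].append(e["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def hash_collisions(entries):
    """One md5 under two different paths: a copy of a known driver image living
    somewhere it should not, which a filename-based allowlist would miss."""
    by_md5 = defaultdict(set)
    for e in entries:
        by_md5[e["md5"]].add(_norm(e["path"]))
    return {h: sorted(p) for h, p in by_md5.items() if len(p) > 1}


def triage(text):
    """Run all three checks over a listing and return a summary dict."""
    entries = parse_driver_log(text)
    return {
        "drivers": len(entries),
        "review": [(e["name"], e["path"]) for e in loaded_outside_standard_dirs(entries)],
        "shared": shared_images(entries),
        "collisions": hash_collisions(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full saved TDSSKiller log by reading the file into `triage()`; the review list is meant to be short enough to check by hand against known vendor paths.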
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK. Nothing there...

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  22. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    Drivers to delete:
    
    Files to delete:
    c:\windows\system32\trkwksz.dll
    
    Folders to delete:
    
    Registry Keys to delete:
    
    Registry values to delete:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools
    

    2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

    * Right click on the window under Input script here:, and select Paste.
    * You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    * Click on Execute
    * Answer "Yes" twice when prompted.


    3. The Avenger will automatically do the following:

    * It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop, this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply
     
  24. LozzaLay

    LozzaLay TS Rookie Topic Starter Posts: 24

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows NT 6.0 (build 6002, Service Pack 2)
    Tue Nov 16 11:59:46 2010

    11:59:31: Error: Invalid registry syntax in command:
    "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools"
    Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
    Skipping line. (Registry value deletion mode)


    //////////////////////////////////////////


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "c:\windows\system32\trkwksz.dll" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
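
The pre-processor log above records that the HKEY_CURRENT_USER line was skipped because The Avenger only reaches HKEY_LOCAL_MACHINE, while the file deletion succeeded. As an added example (my own code, not the thread's and not Avenger's): a script that lints an Avenger script for that limitation before it is run, reconciles the result log against what was requested so a skipped line is not mistaken for a completed one, and, on Windows only, removes the leftover DisableRegistryTools value from the current user's hive with the standard `winreg` module. The section names and the file success-line format are taken from the posts above; the `--fix` switch, the function names and the assumption that the value is still present are mine.

```python
"""Pre-check an Avenger script and reconcile it against the log it produces
(added example; not part of the thread and not Avenger's own code). Section names
and the HKEY_LOCAL_MACHINE-only rule come from the script and pre-processor log
posted above; the only success-line format recognised is the one shown for files."""
import re
import sys

SECTIONS = (
    "Drivers to delete:",
    "Files to delete:",
    "Folders to delete:",
    "Registry Keys to delete:",
    "Registry values to delete:",
)
REGISTRY_SECTIONS = SECTIONS[3:]

# The script posted above.
SAMPLE_SCRIPT = r"""
Begin copying here:
Drivers to delete:

Files to delete:
c:\windows\system32\trkwksz.dll

Folders to delete:

Registry Keys to delete:

Registry values to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools
"""

# Excerpt of the pre-processor log and result log posted above.
SAMPLE_LOG = r"""
11:59:31: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\trkwksz.dll" deleted successfully.

Completed script processing.
"""


def parse_script(text):
    """Return {section: [entries]}; blank lines and the 'Begin copying here' marker are dropped."""
    script = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("begin copying here"):
            continue
        if line in SECTIONS:
            current = line
        elif current is not None:
            script[current].append(line)
    return script


def lint_script(script):
    """Registry lines outside HKEY_LOCAL_MACHINE: Avenger's own log says it skips them,
    so they have to be handled by other means rather than assumed done."""
    warnings = []
    for section in REGISTRY_SECTIONS:
        for entry in script[section]:
            hive = entry.split("\\", 1)[0].strip().upper()
            if hive != "HKEY_LOCAL_MACHINE":
                warnings.append(f"{section} {entry!r}: hive {hive} is not reachable by Avenger; line will be skipped")
    return warnings


def _norm(s):
    # The pre-processor log prints 'key|value' without the spaces the script used around '|'.
    return re.sub(r"\s*\|\s*", "|", s).strip().lower()


def reconcile(script, log_text):
    """Map each requested entry to 'deleted', 'skipped' or 'unconfirmed' from the log."""
    nlog = _norm(log_text)
    status = {}
    for entries in script.values():
        for entry in entries:
            quoted = f'"{_norm(entry)}"'
            if f"{quoted} deleted successfully" in nlog:
                status[entry] = "deleted"
            else:
                i = nlog.find(quoted)
                status[entry] = "skipped" if i != -1 and "skipping line" in nlog[i:i + 400] else "unconfirmed"
    return status


def remove_hkcu_value(subkey, name):
    """Delete one value under HKEY_CURRENT_USER from the logged-on user's own session,
    which is what the skipped DisableRegistryTools line needs. Windows only.
    Returns the old data, or None if the key or value was already absent."""
    import winreg  # standard library on Windows only
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey, 0,
                            winreg.KEY_QUERY_VALUE | winreg.KEY_SET_VALUE) as key:
            data, _ = winreg.QueryValueEx(key, name)
            winreg.DeleteValue(key, name)
            return data
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    script = parse_script(SAMPLE_SCRIPT)
    for w in lint_script(script):
        print("WARN", w)
    for entry, state in reconcile(script, SAMPLE_LOG).items():
        print(state.upper(), entry)
    if sys.platform == "win32" and "--fix" in sys.argv:   # hypothetical switch, my own
        old = remove_hkcu_value(r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
                                "DisableRegistryTools")
        print("removed DisableRegistryTools, was:", old)
```

The point of `reconcile()` is the third state: an entry that is neither reported deleted nor explicitly skipped is "unconfirmed", and a cleaning run should not be signed off while any entry is in that state.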
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very good :)

    How is redirection issue?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
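
The long list above is a set of file-system locations and name patterns that OTL will enumerate; what makes it useful is the choice of places where an executable has no business being (a Fonts folder, look-alike system32 subfolders, leftover .rmv driver files). As an added example, not OTL's code and not from the thread, here is a small stand-in that applies a handful of those lines to a constructed directory tree so the pattern semantics can be seen in isolation. Modelled: `%VAR%` expansion, a glob in the last path component, the cmd-style `*.` form for names without an extension, and `/s` taken to mean "recurse into subfolders". The other switches in the list (`/x`, `/mp`, `/rs`, `/md5start`) are assumed to be OTL-specific and are ignored, as are the registry, `dir` and keyword lines; the sample tree and the file names in it are constructed.

```python
"""A small stand-in for the file-pattern lines of an OTL custom scan (added example;
not OTL's code and not part of the thread). Modelled: %VAR% expansion, a glob in
the last path component, the cmd-style '*.' form for names without an extension,
and the '/s' switch as 'recurse into subfolders'. Other switches seen in the list
(/x, /mp, /rs, /md5start) and the registry, 'dir' and keyword lines are skipped."""
import fnmatch
import os
import re
import tempfile

PATTERN = re.compile(r"^(?P<path>.*?)(?P<flags>(?:\s+/\S+)*)\s*$")

# Lines taken from the list above, plus keyword/registry/dir lines to show they are ignored.
SAMPLE_PATTERNS = [
    r"netsvcs",
    r"%systemroot%\Fonts\*.exe",
    r"%systemroot%\system32\drivers\*.rmv",
    r"%systemroot%\*. /mp /s",
    r'dir /b "%systemroot%\system32\*.exe" | find /i " " /c',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU",
]


def parse_pattern(line):
    """Split 'path /flag /flag' into (path, {flags}); paths may contain spaces."""
    m = PATTERN.match(line.strip())
    return m.group("path"), {f.lower() for f in m.group("flags").split()}


def expand(path, env):
    """Replace %NAME% tokens, case-insensitively as cmd.exe does; unknown names stay."""
    lower = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lower.get(m.group(1).lower(), m.group(0)), path)


def name_matches(name, leaf):
    if leaf == "*.":                      # cmd-style: files with no extension
        return "." not in name
    return fnmatch.fnmatchcase(name.lower(), leaf.lower())


def is_file_pattern(line):
    s = line.strip()
    return "\\" in s and not s.startswith(("HKEY_", "dir "))


def sweep(lines, env):
    """Return every file matched by the file-pattern lines, as sorted absolute paths."""
    hits = set()
    for line in filter(is_file_pattern, lines):
        path, flags = parse_pattern(line)
        directory, leaf = os.path.split(expand(path, env).replace("\\", os.sep))
        if not os.path.isdir(directory):
            continue
        if "/s" in flags:
            for dirpath, _, files in os.walk(directory):
                hits.update(os.path.join(dirpath, f) for f in files if name_matches(f, leaf))
        else:
            hits.update(os.path.join(directory, f) for f in os.listdir(directory)
                        if os.path.isfile(os.path.join(directory, f)) and name_matches(f, leaf))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed layout: two planted files in places the list sweeps, plus noise."""
    for parts in [
        ("Windows", "Fonts", "arial.ttf"),
        ("Windows", "Fonts", "updater.exe"),                     # executable in Fonts
        ("Windows", "system32", "drivers", "etc", "hosts"),      # no extension, found by '*. /s'
        ("Windows", "system32", "drivers", "ntfs.rmv"),          # matches the *.rmv line
        ("Windows", "system32", "drivers", "old", "tcpip.rmv"),  # not matched: no /s on that line
        ("Windows", "Tasks", "README"),                          # no extension, found by '*. /s'
    ]:
        p = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "w").close()


def demo():
    """Sweep the sample tree; returns sorted root-relative paths with '/' separators."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = sweep(SAMPLE_PATTERNS, {"SYSTEMROOT": os.path.join(root, "Windows")})
        return sorted(os.path.relpath(h, root).replace(os.sep, "/") for h in hits)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Note that `%systemroot%\*. /mp /s` is noisy by design: every extension-less file under the Windows folder comes back, including legitimate ones such as `hosts`, so the reviewer reads that part of the output against what is normally there rather than treating every hit as a finding.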
     
Topic Status:
Not open for further replies.
