Suspected malware: google links do not open...please help

Solved
By nikkhasnsi
Nov 30, 2010
Topic Status:
Not open for further replies.
  1. Hello,

    I have seen this topic many time on this forum. My google link do not open correctly and open different sites.

    I ran Hitman Pro 3.5. It indicates "Possible variant of of the TDL3 (alias Alureon) rootkit detected"

    Cna someone please help me?

    Thanks
  2. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

  4. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    No problem.
    I'm not talking about 5 days overall, but 5 days without a word from you.
  5. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Was able to do 2 steps, well actually 1.

    Step 1: I already have Norton
    Step 2: Ran TFC. It removed some items from my temp folder, but after reboot it gave some system errors and could not find my setting. I did another reboot and thing were back to normal.

    Do all steps have to be done the same day?
  6. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Google Chrome seems to work fine ie the links are working fine. Did the same in IE and the links get redirected.

    How come the malware affects IE but not Chrome?

    BTW: Not plugging Chrome, tried it for the first time myself.
  7. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Avira Scan results

    Avira AntiVir Personal
    Report file date: Thursday, December 02, 2010 18:13

    Scanning for 3115420 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HOME

    Version information:
    BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
    AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/3/2010 00:09:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 8/3/2010 00:10:00
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:10:03
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:10:04
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:10:06
    VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 01:46:13
    VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:46:15
    VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:46:16
    VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:46:17
    VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 01:46:17
    VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 01:46:18
    VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:46:19
    VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 01:46:20
    VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 01:46:21
    VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 01:46:21
    VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 01:46:22
    VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 01:46:22
    VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 01:46:23
    VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 01:46:24
    VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 01:46:25
    VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 01:46:26
    VBASE024.VDF : 7.10.14.148 2048 Bytes 11/30/2010 01:46:26
    VBASE025.VDF : 7.10.14.149 2048 Bytes 11/30/2010 01:46:26
    VBASE026.VDF : 7.10.14.150 2048 Bytes 11/30/2010 01:46:27
    VBASE027.VDF : 7.10.14.151 2048 Bytes 11/30/2010 01:46:27
    VBASE028.VDF : 7.10.14.152 2048 Bytes 11/30/2010 01:46:27
    VBASE029.VDF : 7.10.14.153 2048 Bytes 11/30/2010 01:46:27
    VBASE030.VDF : 7.10.14.154 2048 Bytes 11/30/2010 01:46:27
    VBASE031.VDF : 7.10.14.171 115712 Bytes 12/2/2010 01:46:29
    Engineversion : 8.2.4.118
    AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54
    AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/3/2010 01:46:42
    AESCN.DLL : 8.1.7.2 127349 Bytes 12/3/2010 01:46:40
    AESBX.DLL : 8.1.3.2 254324 Bytes 12/3/2010 01:46:44
    AERDL.DLL : 8.1.9.2 635252 Bytes 12/3/2010 01:46:38
    AEPACK.DLL : 8.2.4.1 512375 Bytes 12/3/2010 01:46:36
    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/3/2010 01:46:34
    AEHEUR.DLL : 8.1.2.50 3101046 Bytes 12/3/2010 01:46:34
    AEHELP.DLL : 8.1.16.0 246136 Bytes 12/3/2010 01:46:31
    AEGEN.DLL : 8.1.5.0 397685 Bytes 12/3/2010 01:46:31
    AEEMU.DLL : 8.1.3.0 393589 Bytes 12/3/2010 01:46:30
    AECORE.DLL : 8.1.19.0 196984 Bytes 12/3/2010 01:46:30
    AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55
    AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/3/2010 00:09:56
    AVARKT.DLL : 10.0.0.14 227176 Bytes 8/3/2010 00:09:54
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, H:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Thursday, December 02, 2010 18:13

    Starting search for hidden objects.
    While loading the module (AVARKT.DLL) the following error occured:
    The file does not exist!
    AVARKT.DLL

    The scan of running processes will be started
    Scan process 'chrome.exe' - '74' Module(s) have been scanned
    Scan process 'avscan.exe' - '74' Module(s) have been scanned
    Scan process 'avscan.exe' - '35' Module(s) have been scanned
    Scan process 'avcenter.exe' - '74' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '41' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '57' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '161' Module(s) have been scanned
    Scan process 'iPodService.exe' - '40' Module(s) have been scanned
    Scan process 'CCC.exe' - '199' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '45' Module(s) have been scanned
    Scan process 'taskmgr.exe' - '42' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '67' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '55' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '38' Module(s) have been scanned
    Scan process 'MOM.exe' - '62' Module(s) have been scanned
    Scan process 'avgnt.exe' - '58' Module(s) have been scanned
    Scan process 'DllHost.exe' - '28' Module(s) have been scanned
    Scan process 'ACDaemon.exe' - '29' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '85' Module(s) have been scanned
    Scan process 'EEventManager.exe' - '80' Module(s) have been scanned
    Scan process 'ccSvcHst.exe' - '92' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '71' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '68' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'SWGVCSvc.exe' - '42' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '41' Module(s) have been scanned
    Scan process 'svchost.exe' - '46' Module(s) have been scanned
    Scan process 'NBService.exe' - '41' Module(s) have been scanned
    Scan process 'ccSvcHst.exe' - '151' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '81' Module(s) have been scanned
    Scan process 'avshadow.exe' - '36' Module(s) have been scanned
    Scan process 'MagicTuneEngine.exe' - '41' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
    Scan process 'bgsvcgen.exe' - '25' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '38' Module(s) have been scanned
    Scan process 'avguard.exe' - '69' Module(s) have been scanned
    Scan process 'ACService.exe' - '31' Module(s) have been scanned
    Scan process 'eEBSVC.exe' - '33' Module(s) have been scanned
    Scan process 'taskeng.exe' - '54' Module(s) have been scanned
    Scan process 'Dwm.exe' - '44' Module(s) have been scanned
    Scan process 'taskeng.exe' - '83' Module(s) have been scanned
    Scan process 'svchost.exe' - '66' Module(s) have been scanned
    Scan process 'sched.exe' - '59' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '95' Module(s) have been scanned
    Scan process 'svchost.exe' - '92' Module(s) have been scanned
    Scan process 'svchost.exe' - '91' Module(s) have been scanned
    Scan process 'atieclxx.exe' - '40' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '149' Module(s) have been scanned
    Scan process 'svchost.exe' - '82' Module(s) have been scanned
    Scan process 'svchost.exe' - '69' Module(s) have been scanned
    Scan process 'atiesrxx.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '41' Module(s) have been scanned
    Scan process 'svchost.exe' - '46' Module(s) have been scanned
    Scan process 'winlogon.exe' - '38' Module(s) have been scanned
    Scan process 'lsm.exe' - '34' Module(s) have been scanned
    Scan process 'lsass.exe' - '65' Module(s) have been scanned
    Scan process 'services.exe' - '41' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '34' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1008' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
    [0] Archive type: HIDDEN
    [DETECTION] Is the TR/Dropper.Gen Trojan
    --> FIL\\\?\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
    [DETECTION] Is the TR/Dropper.Gen Trojan
    Begin scan in 'D:\' <RECOVERY>
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    System error [3]: The system cannot find the path specified.

    Beginning disinfection:
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [WARNING] The file could not be copied to quarantine!
    [WARNING] An exception has been identified!
    [WARNING] The file could not be selected for deletion after the restart. Possible cause: Access is denied.

    The repair notes were written to the file 'C:\avrescue\rescue.avp'.

    ============================================================
    The file 'C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd'
    contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
    Action(s) taken:
    An error has occurred and the file was not deleted. ErrorID: 26004.
    The source file could not be found.
    Attempting to perform action using the ARK library.
    The file could not be copied to quarantine!
    An exception has been identified!
    The file could not be selected for deletion after the restart. Possible cause: Access is denied.
    ===========================================================================
    The file 'C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd'
    contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
    Action(s) taken:
    An error has occurred and the file was not deleted. ErrorID: 26003.
    The file could not be deleted!
    Attempting to perform action using the ARK library.
    The file was moved to the quarantine directory under the name '517bdc7b.qua'.
  8. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    No.
    Please continue...
  9. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Malwarebytes' Anti-Malware 1.50 Result

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/3/2010 6:19:24 PM
    mbam-log-2010-12-03 (18-19-24).txt

    Scan type: Quick scan
    Objects scanned: 143639
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  10. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    GMER Log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-03 18:06:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250310AS rev.3.ADA
    Running: GMER.exe; Driver: C:\Users\admin\AppData\Local\Temp\fxldipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 488280994 (+254): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-3 8748BAEA
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84D421F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8748BAEA
    Device \Driver\atapi \Device\Ide\IdePort0 84D421F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8748BAEA
    Device \Driver\atapi \Device\Ide\IdePort1 84D421F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8748BAEA
    Device \Driver\atapi \Device\Ide\IdePort2 84D421F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8748BAEA
    Device \Driver\atapi \Device\Ide\IdePort3 84D421F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-2 8748BAEA
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84D421F8
    Device \Driver\agyoh4d0 \Device\Scsi\agyoh4d01Port5Path0Target0Lun0 8690A1F8
    Device \Driver\agyoh4d0 \Device\Scsi\agyoh4d01 8690A1F8
    Device \FileSystem\Ntfs \Ntfs 84D431F8
    Device \FileSystem\fastfat \Fat 889911F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250310AS_____________________________3.ADA___#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
  11. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    DDS Log

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by admin at 18:09:34.43 on Fri 12/03/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1968 [GMT -8:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\System32\bgsvcgen.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\admin\Desktop\DDS by sUBs.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SF150.tmp" /EF "HKCU"
    uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SA565.tmp" /EF "HKCU"
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\fdi9ug62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\users\admin\appdata\roaming\mozilla\plugins\npicaN.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-4 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-4 173104]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-4 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101130.001\IDSvix86.sys [2010-10-19 353840]
    R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-10-30 87064]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-4 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-11-4 339504]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-2 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-2 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-2 60936]
    R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-11-4 126392]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-27 229888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-12 102448]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-04 01:05:01 -------- d-----w- c:\windows\system32\directx
    2010-12-03 23:51:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-12-03 20:04:09 -------- d-----w- c:\progra~2\TheFallTrilogy
    2010-12-03 19:45:44 -------- d-----w- c:\program files\METRO 2033
    2010-12-03 01:50:43 -------- d-----w- c:\users\admin\appdata\roaming\Avira
    2010-12-03 01:45:38 -------- d-----w- c:\users\admin\appdata\local\Google
    2010-12-03 01:45:12 -------- d-----w- c:\users\admin\appdata\local\Deployment
    2010-12-03 01:45:12 -------- d-----w- c:\users\admin\appdata\local\Apps
    2010-12-03 01:44:35 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-03 01:44:31 -------- d-----w- c:\program files\Avira
    2010-12-03 01:44:31 -------- d-----w- c:\progra~2\Avira
    2010-12-02 05:44:01 -------- d-----r- c:\program files\Skype
    2010-12-02 05:40:06 -------- d-----w- c:\users\admin\appdata\local\Yahoo
    2010-12-02 05:37:21 -------- d-----w- c:\program files\Yahoo!
    2010-12-02 03:04:21 -------- d-----w- c:\users\admin\appdata\local\ATI
    2010-12-02 02:58:38 -------- d-----w- c:\program files\common files\ATI Technologies
    2010-12-02 02:58:25 105488 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2010-12-02 02:58:16 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-02 02:57:34 319456 ----a-w- c:\windows\system32\Difxapi.dll
    2010-12-02 02:57:33 52736 ----a-w- c:\windows\system32\coinst.dll
    2010-12-02 02:56:47 -------- d-----w- c:\program files\ATI Technologies
    2010-12-02 02:56:46 -------- d-----w- c:\program files\ATI
    2010-12-02 02:46:50 753664 ----a-w- c:\windows\system32\nvcplui.exe
    2010-12-02 02:46:50 413696 ----a-w- c:\windows\system32\nvcpl.cpl
    2010-12-02 02:46:50 307200 ----a-w- c:\windows\system32\nvexpbar.dll
    2010-12-02 02:46:50 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
    2010-12-02 02:25:46 -------- d-----w- c:\users\admin\appdata\roaming\kikin
    2010-12-02 02:25:46 -------- d-----w- c:\program files\kikin
    2010-12-02 02:25:37 -------- d-----w- c:\users\admin\appdata\local\OpenCandy
    2010-12-02 02:25:34 -------- d-----w- c:\users\admin\appdata\roaming\OpenCandy
    2010-12-02 02:25:32 -------- d-----w- c:\program files\Phyxion.net
    2010-12-02 02:23:13 -------- d-----w- c:\program files\oZone3D
    2010-12-01 16:53:33 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-01 16:31:47 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-01 16:31:34 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d9e27a02-2591-454f-8a61-2c3d55cd2011}\mpengine.dll
    2010-12-01 03:22:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-12-01 03:22:30 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-12-01 03:21:56 -------- d-----w- c:\progra~2\Hitman Pro
    2010-11-30 02:08:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 02:08:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 02:08:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-29 02:40:01 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
    2010-11-29 02:39:41 -------- d-----w- c:\progra~2\Malwarebytes
    2010-11-27 21:20:40 -------- d-----w- C:\Intel
    2010-11-27 20:58:14 521128 ----a-w- c:\windows\system32\dpinst.exe
    2010-11-27 04:57:43 -------- d-----w- c:\users\admin\appdata\roaming\.ABC
    2010-11-27 04:56:48 -------- d-----w- c:\program files\ABC
    2010-11-27 04:27:59 -------- d-----w- c:\windows\The Fall Trilogy
    2010-11-27 04:27:59 -------- d-----w- c:\program files\The Fall Trilogy
    2010-11-27 01:48:10 -------- d-----w- c:\program files\Youdagames
    2010-11-27 01:40:48 -------- d-----w- c:\program files\Roads of Rome
    2010-11-27 00:24:37 -------- d-----w- c:\users\admin\appdata\roaming\Realore_Whiterra Roads Of Rome
    2010-11-27 00:24:07 -------- d-----w- c:\progra~2\Youdagames
    2010-11-26 03:15:00 -------- d-----w- c:\windows\Youda Marina
    2010-11-26 03:15:00 -------- d-----w- c:\program files\Youda Marina
    2010-11-24 02:07:39 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2010-11-24 02:07:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2010-11-24 02:07:39 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2010-11-24 02:07:39 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2010-11-24 02:07:38 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2010-11-24 02:07:33 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2010-11-24 02:07:33 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2010-11-24 02:06:18 45056 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2010-11-24 02:06:13 -------- d-----w- c:\windows\system32\vmm32
    2010-11-24 02:06:13 -------- d-----w- c:\program files\Dell
    2010-11-18 02:17:17 -------- d-----w- c:\users\admin\appdata\local\Ahead
    2010-11-18 02:13:00 -------- d-----w- c:\program files\Nero
    2010-11-18 02:13:00 -------- d-----w- c:\progra~2\Nero
    2010-11-15 04:24:00 90112 ----a-w- c:\windows\unvise32.exe
    2010-11-15 04:23:28 -------- d-----w- c:\program files\DivX
    2010-11-15 02:56:31 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
    2010-11-15 02:56:30 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
    2010-11-15 02:11:47 -------- d-----w- c:\users\admin\appdata\roaming\Pavtube
    2010-11-15 02:09:52 -------- d-----w- c:\users\admin\appdata\roaming\GetRightToGo
    2010-11-14 23:17:09 -------- d-----w- c:\users\admin\appdata\roaming\AVS4YOU
    2010-11-14 23:17:06 -------- d-----w- c:\progra~2\AVS4YOU
    2010-11-14 23:14:34 -------- d-----w- c:\program files\common files\AVSMedia
    2010-11-14 23:14:33 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-11-14 23:14:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-11-14 23:14:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2010-11-14 23:14:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-11-14 23:14:32 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-11-14 23:14:32 -------- d-----w- c:\program files\AVS4YOU
    2010-11-14 23:13:44 -------- d-----w- c:\program files\AVS Video Converter
    2010-11-14 22:49:12 -------- d-----w- c:\users\admin\appdata\local\CrashDumps
    2010-11-14 21:41:45 -------- d-----w- c:\progra~2\ArcSoft
    2010-11-14 21:28:09 -------- d-----w- c:\users\admin\appdata\roaming\Moyea
    2010-11-14 21:28:07 -------- d-----w- c:\users\admin\appdata\roaming\leawo
    2010-11-14 21:28:07 -------- d-----w- c:\progra~2\Leawo
    2010-11-14 21:27:22 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-14 20:53:35 -------- d-----w- c:\users\admin\appdata\local\ArcSoft
    2010-11-14 20:51:42 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-11-14 20:51:31 126976 ----a-w- c:\windows\system32\MediaImpression Slideshow.scr
    2010-11-14 20:51:04 -------- d-----w- c:\windows\system32\MediaImpression Slideshow
    2010-11-14 20:48:05 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
    2010-11-14 20:48:04 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
    2010-11-14 20:48:04 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
    2010-11-14 20:47:22 45056 ----a-w- c:\windows\system32\PhDi2.sys
    2010-11-14 20:39:09 -------- d-----w- c:\program files\BitPim
    2010-11-14 00:18:05 -------- d-----w- c:\progra~2\Elaborate Bytes
    2010-11-13 00:34:07 -------- d-----w- c:\program files\CloneDVD2
    2010-11-12 23:16:44 87608 ----a-w- c:\users\admin\appdata\roaming\inst.exe
    2010-11-12 23:16:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-11-12 23:16:44 47360 ----a-w- c:\users\admin\appdata\roaming\pcouffin.sys
    2010-11-12 23:16:35 -------- d-----w- c:\program files\DVDFab 8
    2010-11-12 22:52:51 -------- d-----w- c:\program files\SlySoft
    2010-11-12 22:39:07 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
    2010-11-12 22:35:25 -------- d-----w- c:\program files\Alcohol Soft
    2010-11-11 16:04:43 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-11-11 15:40:15 -------- d-----w- c:\users\admin\appdata\local\Adobe
    2010-11-11 01:09:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-11-07 22:35:24 -------- d-----w- c:\users\admin\appdata\local\Microsoft Games
    2010-11-06 18:11:19 -------- d-----w- c:\users\admin\appdata\local\Apple Computer
    2010-11-06 18:09:25 -------- d-----w- c:\program files\iPod
    2010-11-06 18:09:24 -------- d-----w- c:\program files\iTunes
    2010-11-06 18:09:24 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-11-06 17:56:29 -------- d-----w- c:\users\admin\appdata\local\Apple
    2010-11-06 17:53:57 -------- d-----w- c:\program files\Bonjour
    2010-11-05 20:49:37 77824 ----a-w- c:\windows\system32\EBAPI.dll
    2010-11-05 20:49:37 65536 ----a-w- c:\windows\system32\EEBUtil.dll
    2010-11-05 20:49:37 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
    2010-11-05 20:49:37 135168 ----a-w- c:\windows\system32\EEBAPI.dll
    2010-11-05 20:49:37 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
    2010-11-05 18:16:11 474892 ----a-w- c:\windows\system32\ensppmon.dll
    2010-11-05 18:16:11 474892 ----a-w- c:\windows\system32\enppmon.dll
    2010-11-05 18:16:11 457611 ----a-w- c:\windows\system32\ensppui.dll
    2010-11-05 18:16:11 457611 ----a-w- c:\windows\system32\enppui.dll
    2010-11-05 18:16:11 249344 ----a-w- c:\windows\system32\enspres.dll
    2010-11-05 18:16:11 249344 ----a-w- c:\windows\system32\enpres.dll
    2010-11-05 18:16:10 -------- d-----w- c:\program files\EpsonNet
    2010-11-05 18:15:03 -------- d-----w- c:\program files\common files\EPSON
    2010-11-05 18:13:38 282624 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
    2010-11-05 18:10:41 342016 ----a-w- c:\windows\system32\eswiaud.dll
    2010-11-05 18:10:41 15872 ----a-w- c:\windows\system32\escdev.dll
    2010-11-05 18:10:41 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2010-11-05 18:10:37 -------- d-----w- c:\program files\epson
    2010-11-05 18:04:22 93696 ----a-w- c:\windows\system32\E_FLBFJA.DLL
    2010-11-05 18:04:22 79360 ----a-w- c:\windows\system32\E_FD4BFJA.DLL
    2010-11-05 18:04:14 -------- d-----w- c:\progra~2\EPSON
    2010-11-04 16:43:05 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
    2010-11-04 16:43:05 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
    2010-11-04 16:43:05 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
    2010-11-04 16:43:05 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
    2010-11-04 16:43:05 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
    2010-11-04 16:43:05 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
    2010-11-04 16:43:05 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
    2010-11-04 16:42:53 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005

    ==================== Find3M ====================

    2010-10-27 11:08:18 16281600 ----a-w- c:\windows\system32\atioglxx.dll
    2010-10-27 10:55:32 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 10:55:24 547328 ----a-w- c:\windows\system32\aticfx32.dll
    2010-10-27 10:52:18 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 10:51:56 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2010-10-27 10:51:28 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-10-27 10:50:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-10-27 10:50:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-10-27 10:49:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-10-27 10:49:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2010-10-27 10:49:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-10-27 10:46:58 4020736 ----a-w- c:\windows\system32\atidxx32.dll
    2010-10-27 10:35:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-10-27 10:35:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-10-27 10:33:52 5441536 ----a-w- c:\windows\system32\aticaldd.dll
    2010-10-27 10:28:22 4094464 ----a-w- c:\windows\system32\atiumdag.dll
    2010-10-27 10:14:50 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 10:14:42 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-10-27 10:14:32 27136 ----a-w- c:\windows\system32\atigktxx.dll
    2010-10-27 10:13:36 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-10-27 10:13:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-10-27 10:13:04 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2010-10-27 09:50:10 3460096 ----a-w- c:\windows\system32\atiumdva.dll
    2010-10-27 09:37:14 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-10-27 09:37:14 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-05 21:47:54 129024 ----a-w- c:\program files\common files\Uninstall.exe
    2010-09-15 21:19:55 89256 ------w- c:\windows\system32\ElbyCDIO.dll
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8748BEC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8556b872; SUB DWORD [EBP-0x4], 0x8556b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x82256962] -> \Device\Harddisk0\DR0[0x861B3400]
    3 CLASSPNP[0x8B3A18B3] -> ntkrnlpa!IofCallDriver[0x82256962] -> [0x85B2DA08]
    5 acpi[0x8AC136BC] -> ntkrnlpa!IofCallDriver[0x82256962] -> [0x85B5EB98]
    [0x869608E8] -> IRP_MJ_CREATE -> 0x8748BEC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250310AS_____________________________3.ADA___#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8748BAEA
    \Driver\atapi -> 0x84d421f8
    user & kernel MBR OK
    sectors 488281248 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 18:10:53.92 ===============
  12. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/29/2010 10:59:42 AM
    System Uptime: 12/3/2010 4:43:04 PM (2 hours ago)

    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 169.191 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.764 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SonicWALL Virtual NIC
    Device ID: ROOT\SWVNIC\0000
    Manufacturer: SonicWALL
    Name: SonicWALL Virtual NIC
    PNP Device ID: ROOT\SWVNIC\0000
    Service: SWVNIC

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    ABC (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    Avira AntiVir Personal - Free Antivirus
    AVS Screen Capture version 1.1.2
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS Video Editor 5
    AVS Video Recorder 2.4
    AVS4YOU Software Navigator 1.3
    BitPim 1.0.7
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Citrix XenApp Web Plugin
    CloneDVD2
    Dell Resource CD
    DivX Codec
    Driver Sweeper version 2.5.0
    DVDFab 8.0.0.5 (25/08/2010)
    Epson Event Manager
    EPSON Scan
    EPSON WorkForce 610 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup
    Google Chrome
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HydraVision
    iTunes
    kikin plugin 2.8
    LG USB Modem driver
    MagicTune Premium
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    Norton 360
    NVIDIA Drivers
    NVIDIA PhysX
    oZone3D.Net FurMark v1.8.2
    PHOTOfunSTUDIO HD Edition
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skype Toolbars
    Skype™ 5.0
    SonicWALL Global VPN Client
    The Fall Trilogy
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VCRedistSetup
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Youda Marina
    Youda Survivor 1.00

    ==== Event Viewer Messages From Past Week ========

    12/3/2010 4:45:23 PM, Error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
    12/2/2010 6:06:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/2/2010 6:00:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:11 PM on 12/2/2010 was unexpected.
    12/2/2010 5:45:24 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    12/2/2010 10:14:29 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 7:16:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    12/1/2010 7:14:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/1/2010 7:14:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    12/1/2010 7:12:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
    12/1/2010 6:45:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Samsung - Display - SyncMaster 2494LW(Digital).
    12/1/2010 6:37:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/1/2010 6:37:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC eeCtrl ElbyCDIO IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SWIPsec SymIRON SYMTDIv tdx Wanarpv6
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/1/2010 6:37:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/1/2010 6:37:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/1/2010 6:37:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/1/2010 6:37:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/1/2010 6:37:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/1/2010 6:32:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:20 PM on 12/1/2010 was unexpected.
    12/1/2010 5:42:01 PM, Error: EventLog [6008] - The previous system shutdown at 8:56:53 AM on 12/1/2010 was unexpected.

    ==== End Of File ===========================
  13. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    You're running two AV programs, Avira and Norton.
    One of them has to go.
    If Norton, use this tool to remove it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Heh...i thought the more the better for Anti virus..i guess not..i kept norton



    2010/12/03 21:37:42.0978 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/03 21:37:42.0978 ================================================================================
    2010/12/03 21:37:42.0978 SystemInfo:
    2010/12/03 21:37:42.0978
    2010/12/03 21:37:42.0978 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/03 21:37:42.0978 Product type: Workstation
    2010/12/03 21:37:42.0979 ComputerName: HOME
    2010/12/03 21:37:42.0979 UserName: admin
    2010/12/03 21:37:42.0979 Windows directory: C:\Windows
    2010/12/03 21:37:42.0979 System windows directory: C:\Windows
    2010/12/03 21:37:42.0979 Processor architecture: Intel x86
    2010/12/03 21:37:42.0979 Number of processors: 2
    2010/12/03 21:37:42.0979 Page size: 0x1000
    2010/12/03 21:37:42.0979 Boot type: Normal boot
    2010/12/03 21:37:42.0979 ================================================================================
    2010/12/03 21:37:46.0597 Initialize success
    2010/12/03 21:37:47.0143 ================================================================================
    2010/12/03 21:37:47.0143 Scan started
    2010/12/03 21:37:47.0143 Mode: Manual;
    2010/12/03 21:37:47.0143 ================================================================================
    2010/12/03 21:37:48.0110 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/12/03 21:37:48.0173 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/12/03 21:37:48.0235 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/12/03 21:37:48.0282 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/12/03 21:37:48.0344 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/12/03 21:37:48.0422 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
    2010/12/03 21:37:48.0516 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/12/03 21:37:48.0563 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/12/03 21:37:48.0656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/12/03 21:37:48.0703 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2010/12/03 21:37:48.0781 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/12/03 21:37:48.0843 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2010/12/03 21:37:48.0890 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/12/03 21:37:48.0984 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/12/03 21:37:49.0218 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/12/03 21:37:49.0358 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
    2010/12/03 21:37:49.0467 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/12/03 21:37:49.0530 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/12/03 21:37:49.0592 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/03 21:37:49.0655 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/12/03 21:37:49.0717 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
    2010/12/03 21:37:49.0811 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/12/03 21:37:50.0029 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    2010/12/03 21:37:50.0138 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/12/03 21:37:50.0201 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/03 21:37:50.0247 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/12/03 21:37:50.0294 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/12/03 21:37:50.0419 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/12/03 21:37:50.0466 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/12/03 21:37:50.0497 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/12/03 21:37:50.0544 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/12/03 21:37:50.0591 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/12/03 21:37:50.0700 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
    2010/12/03 21:37:50.0778 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/03 21:37:50.0825 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
    2010/12/03 21:37:50.0887 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/03 21:37:50.0949 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2010/12/03 21:37:50.0996 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/12/03 21:37:51.0059 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2010/12/03 21:37:51.0090 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    2010/12/03 21:37:51.0121 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/12/03 21:37:51.0152 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/12/03 21:37:51.0230 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/03 21:37:51.0355 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/12/03 21:37:51.0402 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
    2010/12/03 21:37:51.0495 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/03 21:37:51.0573 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/03 21:37:51.0651 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    2010/12/03 21:37:51.0729 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/12/03 21:37:51.0807 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/12/03 21:37:51.0885 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/12/03 21:37:51.0995 ElbyCDIO (3a85ddb9da1b86624887e3acef10a944) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/12/03 21:37:52.0026 Scan interrupted by user!
    2010/12/03 21:37:52.0026 Scan interrupted by user!
    2010/12/03 21:37:52.0026 ================================================================================
    2010/12/03 21:37:52.0026 Scan finished
    2010/12/03 21:37:52.0026 ================================================================================
    2010/12/03 21:37:59.0545 ================================================================================
    2010/12/03 21:37:59.0545 Scan started
    2010/12/03 21:37:59.0545 Mode: Manual;
    2010/12/03 21:37:59.0545 ================================================================================
    2010/12/03 21:37:59.0846 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/12/03 21:37:59.0884 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/12/03 21:37:59.0932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/12/03 21:37:59.0967 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/12/03 21:38:00.0003 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/12/03 21:38:00.0056 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
    2010/12/03 21:38:00.0096 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/12/03 21:38:00.0136 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/12/03 21:38:00.0167 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/12/03 21:38:00.0207 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2010/12/03 21:38:00.0239 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/12/03 21:38:00.0272 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2010/12/03 21:38:00.0294 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/12/03 21:38:00.0345 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/12/03 21:38:00.0529 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/12/03 21:38:00.0624 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
    2010/12/03 21:38:00.0689 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/12/03 21:38:00.0716 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/12/03 21:38:00.0787 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/03 21:38:00.0850 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/12/03 21:38:00.0881 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
    2010/12/03 21:38:00.0975 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/12/03 21:38:01.0146 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    2010/12/03 21:38:01.0271 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/12/03 21:38:01.0287 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/03 21:38:01.0302 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/12/03 21:38:01.0318 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/12/03 21:38:01.0349 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/12/03 21:38:01.0380 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/12/03 21:38:01.0411 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/12/03 21:38:01.0427 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/12/03 21:38:01.0458 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/12/03 21:38:01.0521 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
    2010/12/03 21:38:01.0583 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/03 21:38:01.0630 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
    2010/12/03 21:38:01.0677 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/03 21:38:01.0723 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2010/12/03 21:38:01.0770 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/12/03 21:38:01.0801 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2010/12/03 21:38:01.0817 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    2010/12/03 21:38:01.0848 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/12/03 21:38:01.0895 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/12/03 21:38:01.0957 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/03 21:38:02.0004 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/12/03 21:38:02.0035 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
    2010/12/03 21:38:02.0082 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/03 21:38:02.0145 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/03 21:38:02.0176 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    2010/12/03 21:38:02.0207 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/12/03 21:38:02.0269 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/12/03 21:38:02.0347 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/12/03 21:38:02.0425 ElbyCDIO (3a85ddb9da1b86624887e3acef10a944) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/12/03 21:38:02.0472 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
    2010/12/03 21:38:02.0519 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2010/12/03 21:38:02.0644 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/12/03 21:38:02.0722 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2010/12/03 21:38:02.0815 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/12/03 21:38:02.0893 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/12/03 21:38:02.0956 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/03 21:38:03.0003 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/03 21:38:03.0034 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/12/03 21:38:03.0081 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/03 21:38:03.0143 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/03 21:38:03.0237 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/03 21:38:03.0283 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/12/03 21:38:03.0361 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/12/03 21:38:03.0424 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    2010/12/03 21:38:03.0517 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/03 21:38:03.0564 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/12/03 21:38:03.0595 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/12/03 21:38:03.0658 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/03 21:38:03.0720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2010/12/03 21:38:03.0814 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/12/03 21:38:03.0861 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2010/12/03 21:38:03.0923 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/03 21:38:03.0970 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2010/12/03 21:38:04.0173 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys
    2010/12/03 21:38:04.0266 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/12/03 21:38:04.0375 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/12/03 21:38:04.0407 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/03 21:38:04.0485 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/03 21:38:04.0594 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2010/12/03 21:38:04.0656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/12/03 21:38:04.0703 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/12/03 21:38:04.0765 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2010/12/03 21:38:04.0797 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/03 21:38:04.0859 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/12/03 21:38:04.0906 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/12/03 21:38:04.0953 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/03 21:38:05.0031 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/03 21:38:05.0109 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/03 21:38:05.0187 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/03 21:38:05.0249 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2010/12/03 21:38:05.0296 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2010/12/03 21:38:05.0374 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/12/03 21:38:05.0405 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/12/03 21:38:05.0467 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2010/12/03 21:38:05.0530 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2010/12/03 21:38:05.0592 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/12/03 21:38:05.0655 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/03 21:38:05.0701 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/03 21:38:05.0764 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/03 21:38:05.0795 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/03 21:38:05.0811 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2010/12/03 21:38:05.0889 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/03 21:38:05.0904 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/12/03 21:38:05.0998 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/03 21:38:06.0029 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/03 21:38:06.0076 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/03 21:38:06.0123 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/03 21:38:06.0169 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2010/12/03 21:38:06.0263 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2010/12/03 21:38:06.0357 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/12/03 21:38:06.0403 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
    2010/12/03 21:38:06.0450 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/12/03 21:38:06.0497 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/03 21:38:06.0575 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/03 21:38:06.0606 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/03 21:38:06.0684 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/03 21:38:06.0715 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/03 21:38:06.0762 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/03 21:38:06.0809 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/12/03 21:38:06.0887 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/12/03 21:38:07.0074 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVENG.SYS
    2010/12/03 21:38:07.0168 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVEX15.SYS
    2010/12/03 21:38:07.0355 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/12/03 21:38:07.0402 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/12/03 21:38:07.0449 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/12/03 21:38:07.0527 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/12/03 21:38:07.0589 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/03 21:38:07.0636 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/12/03 21:38:07.0698 netbt (119b59d7f9706aa96f2327be2da7911c) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/03 21:38:07.0698 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 119b59d7f9706aa96f2327be2da7911c, Fake md5: 150e9961d5b47889d53ff9fd4f0320a3
    2010/12/03 21:38:07.0698 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/12/03 21:38:07.0761 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/12/03 21:38:07.0823 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/12/03 21:38:07.0870 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/12/03 21:38:07.0963 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/03 21:38:08.0026 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/12/03 21:38:08.0073 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/12/03 21:38:08.0338 nvlddmkm (671c58cc8dadfe2903207f299ce7a0e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/12/03 21:38:08.0603 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/12/03 21:38:08.0681 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/12/03 21:38:08.0759 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/12/03 21:38:08.0806 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/12/03 21:38:08.0868 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/12/03 21:38:08.0899 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2010/12/03 21:38:08.0993 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/12/03 21:38:09.0040 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/12/03 21:38:09.0165 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/12/03 21:38:09.0243 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/03 21:38:09.0305 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2010/12/03 21:38:09.0383 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/03 21:38:09.0461 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2010/12/03 21:38:09.0664 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/12/03 21:38:09.0742 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/03 21:38:09.0835 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/03 21:38:09.0991 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/03 21:38:10.0038 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/03 21:38:10.0085 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/03 21:38:10.0179 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/03 21:38:10.0225 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/03 21:38:10.0303 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2010/12/03 21:38:10.0335 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/03 21:38:10.0381 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/03 21:38:10.0506 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/03 21:38:10.0537 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/12/03 21:38:10.0631 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/12/03 21:38:10.0709 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/12/03 21:38:10.0771 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/12/03 21:38:10.0803 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/12/03 21:38:10.0896 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2010/12/03 21:38:10.0943 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/12/03 21:38:10.0974 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2010/12/03 21:38:11.0037 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/12/03 21:38:11.0099 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2010/12/03 21:38:11.0146 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2010/12/03 21:38:11.0208 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2010/12/03 21:38:11.0271 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/03 21:38:11.0364 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/12/03 21:38:11.0427 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
    2010/12/03 21:38:11.0427 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
    2010/12/03 21:38:11.0427 sptd - detected Locked file (1)
    2010/12/03 21:38:11.0505 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
    2010/12/03 21:38:11.0536 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
    2010/12/03 21:38:11.0583 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/03 21:38:11.0614 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/03 21:38:11.0645 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/03 21:38:11.0739 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/03 21:38:11.0848 SWIPsec (ebd83e322b4eb50f6a1d8d7b42d3745e) C:\Windows\system32\Drivers\SWIPsec.sys
    2010/12/03 21:38:11.0879 SWVNIC (962b13026b10b82d2874bfda4ecc048d) C:\Windows\system32\DRIVERS\swvnic.sys
    2010/12/03 21:38:11.0941 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/12/03 21:38:12.0004 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
    2010/12/03 21:38:12.0097 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
    2010/12/03 21:38:12.0160 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2010/12/03 21:38:12.0253 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
    2010/12/03 21:38:12.0285 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
    2010/12/03 21:38:12.0347 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/12/03 21:38:12.0394 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/12/03 21:38:12.0534 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/12/03 21:38:12.0581 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/03 21:38:12.0628 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/03 21:38:12.0690 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/03 21:38:12.0768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/03 21:38:12.0846 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/03 21:38:12.0877 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/03 21:38:13.0018 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/03 21:38:13.0080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/12/03 21:38:13.0158 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/03 21:38:13.0221 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2010/12/03 21:38:13.0299 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/03 21:38:13.0392 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2010/12/03 21:38:13.0423 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2010/12/03 21:38:13.0470 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/12/03 21:38:13.0517 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/12/03 21:38:13.0548 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/03 21:38:13.0642 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    2010/12/03 21:38:13.0720 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
    2010/12/03 21:38:13.0767 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/03 21:38:13.0845 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/12/03 21:38:13.0923 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
    2010/12/03 21:38:14.0047 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/03 21:38:14.0079 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/03 21:38:14.0157 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
    2010/12/03 21:38:14.0172 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/03 21:38:14.0203 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/03 21:38:14.0281 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/12/03 21:38:14.0344 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/03 21:38:14.0406 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/03 21:38:14.0453 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/12/03 21:38:14.0547 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/03 21:38:14.0593 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/12/03 21:38:14.0671 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2010/12/03 21:38:14.0765 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2010/12/03 21:38:14.0827 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2010/12/03 21:38:14.0905 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/12/03 21:38:14.0983 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/03 21:38:15.0015 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/12/03 21:38:15.0077 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2010/12/03 21:38:15.0186 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/12/03 21:38:15.0217 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/03 21:38:15.0249 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/03 21:38:15.0342 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2010/12/03 21:38:15.0389 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/03 21:38:15.0545 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2010/12/03 21:38:15.0670 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/03 21:38:15.0779 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/03 21:38:15.0857 ================================================================================
    2010/12/03 21:38:15.0857 Scan finished
    2010/12/03 21:38:15.0857 ================================================================================
    2010/12/03 21:38:15.0857 Detected object count: 2
    2010/12/03 21:38:31.0005 netbt (119b59d7f9706aa96f2327be2da7911c) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/03 21:38:31.0020 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 119b59d7f9706aa96f2327be2da7911c, Fake md5: 150e9961d5b47889d53ff9fd4f0320a3
    2010/12/03 21:38:31.0395 Backup copy found, using it..
    2010/12/03 21:38:31.0551 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
    2010/12/03 21:38:31.0551 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
    2010/12/03 21:38:31.0551 Locked file(sptd) - User select action: Skip
    2010/12/03 21:38:35.0841 Deinitialize success
  15. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Good job :)

    How is redirection?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  16. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Redirect seems to work properly now.....still did the following steps


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Vostro 200
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 161):
    0x82245000 \SystemRoot\system32\ntkrnlpa.exe
    0x82212000 \SystemRoot\system32\hal.dll
    0x8040B000 \SystemRoot\system32\kdcom.dll
    0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80482000 \SystemRoot\system32\PSHED.dll
    0x80493000 \SystemRoot\system32\BOOTVID.dll
    0x8049B000 \SystemRoot\system32\CLFS.SYS
    0x804DC000 \SystemRoot\system32\CI.dll
    0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80691000 \SystemRoot\System32\Drivers\spsy.sys
    0x8078E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80797000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8AC02000 \SystemRoot\system32\drivers\acpi.sys
    0x8AC48000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8AC50000 \SystemRoot\system32\drivers\pci.sys
    0x8AC77000 \SystemRoot\System32\drivers\partmgr.sys
    0x8AC86000 \SystemRoot\system32\drivers\volmgr.sys
    0x8AC95000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8ACDF000 \SystemRoot\system32\drivers\pciide.sys
    0x8ACE6000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8ACF4000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AD04000 \SystemRoot\system32\drivers\atapi.sys
    0x8AD0C000 \SystemRoot\system32\drivers\ataport.SYS
    0x8AD2A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8AD5C000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
    0x8ADB2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8ADC2000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
    0x8AE0D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AE7E000 \SystemRoot\system32\drivers\ndis.sys
    0x8AF89000 \SystemRoot\system32\drivers\msrpc.sys
    0x8AFB4000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B004000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B202000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B312000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B34B000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B353000 \SystemRoot\System32\Drivers\mup.sys
    0x8B362000 \SystemRoot\System32\drivers\ecache.sys
    0x8B389000 \SystemRoot\system32\drivers\disk.sys
    0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B3BB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B3E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B3EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B109000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B118000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x9020D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x908A0000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90941000 \SystemRoot\System32\drivers\watchdog.sys
    0x9094D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B155000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x909DA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8B18F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x909E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B1CD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8B1DD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x909F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x90200000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x8B3F8000 \SystemRoot\system32\drivers\Afc.sys
    0x8B1EB000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
    0x9020B000 \SystemRoot\System32\Drivers\ElbyDelay.sys
    0x807BD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B1F4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8FC0E000 \SystemRoot\System32\Drivers\acsj7c5j.SYS
    0x8FC73000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x8FC92000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8FCC1000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8FD02000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8FD0D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FD24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FD2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FD52000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FD61000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FD75000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8FD8A000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x8FD96000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FDA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FDB1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FDBC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FDBE000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FDE8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FDF2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x805BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8AFEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x807D5000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x8FE05000 \SystemRoot\system32\drivers\portcls.sys
    0x8FE32000 \SystemRoot\system32\drivers\drmk.sys
    0x8FE57000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8FE96000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FE9F000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FEA6000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FEB6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FEBD000 \SystemRoot\System32\drivers\vga.sys
    0x8FEC9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FEEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FEF2000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FEFA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FF05000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FF13000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FF1C000 \??\C:\Windows\system32\Drivers\SWIPsec.sys
    0x8FF34000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FF4A000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
    0x8FFA3000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8FFC8000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9120A000 \SystemRoot\system32\drivers\afd.sys
    0x91252000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91284000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x9129A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x912A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x912BB000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0x912DA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x912E3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x912F3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x912F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x912FD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x91314000 \SystemRoot\System32\Drivers\nx6000.sys
    0x9131E000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x9133F000 \SystemRoot\system32\drivers\usbaudio.sys
    0x91351000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x9135A000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0x91364000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x913A0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91E02000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys
    0x91E5D000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x91E62000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x91EC0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x91EDD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91EF4000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0x92402000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    0x924AE000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x924BB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x924C6000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x9B450000 \SystemRoot\System32\win32k.sys
    0x924CE000 \SystemRoot\System32\drivers\Dxapi.sys
    0x924D8000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9B670000 \SystemRoot\System32\TSDDD.dll
    0x9B690000 \SystemRoot\System32\cdd.dll
    0x924E7000 \SystemRoot\system32\drivers\luafv.sys
    0x92502000 \SystemRoot\system32\drivers\spsys.sys
    0x925B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x925C2000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x91F73000 \SystemRoot\system32\drivers\HTTP.sys
    0x925D5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x91FE0000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x913AA000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x913BF000 \SystemRoot\system32\drivers\mrxdav.sys
    0x913E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x81609000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x81642000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8165A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x81682000 \SystemRoot\System32\DRIVERS\srv.sys
    0x816D0000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x816F8000 \SystemRoot\system32\drivers\peauth.sys
    0x817D6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x817E0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA8400000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0xA8457000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVEX15.SYS
    0xA85A5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVENG.SYS
    0xA85B9000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xB0409000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x77980000 \Windows\System32\ntdll.dll

    Processes (total 73):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    556 csrss.exe
    620 C:\Windows\System32\wininit.exe
    628 csrss.exe
    664 C:\Windows\System32\services.exe
    696 C:\Windows\System32\lsass.exe
    704 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\winlogon.exe
    880 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\atiesrxx.exe
    1100 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\SLsvc.exe
    1356 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\atieclxx.exe
    1592 C:\Windows\System32\svchost.exe
    1780 C:\Windows\System32\spoolsv.exe
    1804 C:\Windows\System32\svchost.exe
    2016 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    448 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    544 C:\Windows\System32\bgsvcgen.exe
    680 C:\Program Files\Bonjour\mDNSResponder.exe
    1012 C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    1608 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    1352 C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    1516 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2104 C:\Windows\System32\svchost.exe
    2144 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2208 C:\Windows\System32\svchost.exe
    2240 C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    2344 C:\Windows\System32\svchost.exe
    2372 C:\Windows\System32\SearchIndexer.exe
    2472 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2480 C:\Windows\System32\taskeng.exe
    3128 C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    3156 C:\Windows\System32\dwm.exe
    3204 C:\Windows\System32\taskeng.exe
    3260 C:\Windows\explorer.exe
    3688 C:\Windows\System32\taskeng.exe
    4076 dllhost.exe
    2952 C:\Program Files\Windows Defender\MSASCui.exe
    2732 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    1328 C:\Program Files\iTunes\iTunesHelper.exe
    1132 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2792 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    156 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3476 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3200 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    1192 WmiPrvSE.exe
    2540 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    1296 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    3176 C:\Program Files\iPod\bin\iPodService.exe
    3372 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
    2888 C:\Windows\System32\taskmgr.exe
    4148 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
    4184 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
    4312 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4664 C:\Program Files\Internet Explorer\iexplore.exe
    4704 C:\Program Files\Internet Explorer\iexplore.exe
    5016 C:\Windows\System32\SearchProtocolHost.exe
    5028 C:\Windows\System32\SearchFilterHost.exe
    5264 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    5296 C:\Windows\System32\SearchProtocolHost.exe
    6036 C:\Users\admin\Desktop\MBRCheck.exe
    6072 C:\Windows\System32\wbem\WMIADAP.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  17. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    I still need Combofix log.
  18. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    ComboFix 10-12-04.01 - admin 12/04/2010 22:07:20.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1833 [GMT -8:00]
    Running from: c:\users\admin\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\admin - Copy\AppData\Roaming\inst.exe
    c:\users\admin\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
    .

    2010-12-05 06:11 . 2010-12-05 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-04 06:17 . 2010-12-04 06:17 -------- d-----w- c:\windows\system32\xlive
    2010-12-04 06:17 . 2010-12-04 06:17 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-12-04 06:17 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-12-04 06:17 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-12-04 06:17 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-12-04 06:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59ECADB4-AFD3-4021-9A9A-2A20AEFF2004}\mpengine.dll
    2010-12-04 05:59 . 2010-12-04 05:59 -------- d-----w- c:\program files\Volition Inc
    2010-12-03 23:51 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-12-03 20:04 . 2010-12-03 20:04 -------- d-----w- c:\programdata\TheFallTrilogy
    2010-12-03 02:06 . 2010-12-03 02:09 -------- d-----w- c:\users\admin - Copy
    2010-12-03 01:45 . 2010-12-03 01:46 -------- d-----w- c:\users\admin\AppData\Local\Google
    2010-12-03 01:45 . 2010-12-03 01:45 -------- d-----w- c:\users\admin\AppData\Local\Deployment
    2010-12-03 01:45 . 2010-12-03 01:45 -------- d-----w- c:\users\admin\AppData\Local\Apps
    2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----w- c:\users\admin\AppData\Roaming\skypePM
    2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----w- c:\program files\Common Files\Skype
    2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----r- c:\program files\Skype
    2010-12-02 05:44 . 2010-12-02 06:24 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
    2010-12-02 05:43 . 2010-12-02 05:44 -------- d-----w- c:\programdata\Skype
    2010-12-02 05:40 . 2010-12-02 05:40 -------- d-----w- c:\users\admin\AppData\Local\Yahoo
    2010-12-02 05:38 . 2010-12-02 05:40 -------- d-----w- c:\users\admin\AppData\Roaming\Yahoo!
    2010-12-02 05:38 . 2010-12-02 05:38 -------- d-----w- c:\programdata\Yahoo! Companion
    2010-12-02 05:38 . 2010-12-02 05:38 -------- d-----w- c:\programdata\Yahoo!
    2010-12-02 05:37 . 2010-12-02 05:38 -------- d-----w- c:\program files\Yahoo!
    2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\users\admin\AppData\Roaming\ATI
    2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\users\admin\AppData\Local\ATI
    2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\programdata\ATI
    2010-12-02 02:58 . 2010-12-02 02:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2010-12-02 02:58 . 2010-05-06 09:21 105488 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2010-12-02 02:58 . 2010-12-02 02:58 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-02 02:57 . 2006-11-02 12:21 319456 ----a-w- c:\windows\system32\Difxapi.dll
    2010-12-02 02:57 . 2010-10-27 10:14 52736 ----a-w- c:\windows\system32\coinst.dll
    2010-12-02 02:56 . 2010-12-02 02:59 -------- d-----w- c:\program files\ATI Technologies
    2010-12-02 02:56 . 2010-12-02 02:56 -------- d-----w- c:\program files\ATI
    2010-12-02 02:46 . 2007-09-17 16:07 753664 ----a-w- c:\windows\system32\nvcplui.exe
    2010-12-02 02:46 . 2007-09-17 16:07 413696 ----a-w- c:\windows\system32\nvcpl.cpl
    2010-12-02 02:46 . 2007-09-17 16:07 307200 ----a-w- c:\windows\system32\nvexpbar.dll
    2010-12-02 02:46 . 2007-09-17 16:07 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
    2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Roaming\kikin
    2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\program files\kikin
    2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Local\OpenCandy
    2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Roaming\OpenCandy
    2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\program files\Phyxion.net
    2010-12-02 02:23 . 2010-12-02 02:23 -------- d-----w- c:\program files\oZone3D
    2010-12-01 16:53 . 2010-12-01 16:53 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-01 16:31 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-01 03:22 . 2010-12-04 05:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-12-01 03:22 . 2010-12-01 03:22 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-12-01 03:21 . 2010-12-01 03:26 -------- d-----w- c:\programdata\Hitman Pro
    2010-11-30 02:08 . 2010-12-04 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-29 02:40 . 2010-11-29 02:40 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
    2010-11-29 02:39 . 2010-11-29 02:39 -------- d-----w- c:\programdata\Malwarebytes
    2010-11-27 21:20 . 2010-11-27 21:20 -------- d-----w- c:\program files\Intel
    2010-11-27 21:20 . 2010-11-27 21:20 -------- d-----w- C:\Intel
    2010-11-27 20:58 . 2007-09-17 08:07 521128 ----a-w- c:\windows\system32\dpinst.exe
    2010-11-27 04:57 . 2010-11-29 02:13 -------- d-----w- c:\users\admin\AppData\Roaming\.ABC
    2010-11-27 04:56 . 2010-11-27 04:56 -------- d-----w- c:\program files\ABC
    2010-11-27 04:27 . 2010-11-27 04:27 -------- d-----w- c:\windows\The Fall Trilogy
    2010-11-27 04:27 . 2010-11-27 04:27 -------- d-----w- c:\program files\The Fall Trilogy
    2010-11-27 01:48 . 2010-11-27 01:48 -------- d-----w- c:\program files\Youdagames
    2010-11-27 01:40 . 2010-11-27 01:41 -------- d-----w- c:\program files\Roads of Rome
    2010-11-27 00:24 . 2010-11-27 00:26 -------- d-----w- c:\users\admin\AppData\Roaming\Realore_Whiterra Roads Of Rome
    2010-11-27 00:24 . 2010-12-03 20:01 -------- d-----w- c:\programdata\Youdagames
    2010-11-26 03:15 . 2010-11-26 03:15 -------- d-----w- c:\program files\Youda Marina
    2010-11-26 03:15 . 2010-11-26 03:15 -------- d-----w- c:\windows\Youda Marina
    2010-11-24 02:29 . 2010-11-24 02:29 -------- d-----w- c:\users\admin\AppData\Local\Mozilla
    2010-11-24 02:07 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
    2010-11-24 02:07 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2010-11-24 02:07 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2010-11-24 02:07 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
    2010-11-24 02:07 . 2003-11-11 02:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2010-11-24 02:07 . 2010-11-24 02:07 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
    2010-11-24 02:07 . 2010-11-24 02:07 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
    2010-11-24 02:06 . 2010-11-24 02:06 45056 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2010-11-24 02:06 . 2010-11-24 02:06 -------- d-----w- c:\windows\system32\vmm32
    2010-11-24 02:06 . 2010-11-24 02:06 -------- d-----w- c:\program files\Dell
    2010-11-18 02:17 . 2010-11-18 02:17 -------- d-----w- c:\users\admin\AppData\Local\Ahead
    2010-11-18 02:15 . 2010-11-18 02:15 -------- d-----w- c:\users\admin\AppData\Roaming\Nero
    2010-11-18 02:13 . 2010-11-18 02:13 -------- d-----w- c:\programdata\Nero
    2010-11-18 02:13 . 2010-11-18 02:13 -------- d-----w- c:\program files\Nero
    2010-11-18 02:12 . 2010-11-18 02:14 -------- d-----w- c:\program files\Common Files\Nero
    2010-11-15 04:24 . 2003-03-16 07:15 90112 ----a-w- c:\windows\unvise32.exe
    2010-11-15 04:23 . 2010-11-15 04:24 -------- d-----w- c:\program files\DivX
    2010-11-15 02:56 . 2010-09-08 23:36 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
    2010-11-15 02:56 . 2010-09-08 23:36 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
    2010-11-15 02:11 . 2010-11-15 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\Pavtube
    2010-11-15 02:09 . 2010-11-15 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\GetRightToGo
    2010-11-14 23:17 . 2010-11-15 03:01 -------- d-----w- c:\users\admin\AppData\Roaming\AVS4YOU
    2010-11-14 23:17 . 2010-11-14 23:17 -------- d-----w- c:\programdata\AVS4YOU
    2010-11-14 23:14 . 2010-11-15 02:57 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-11-14 23:14 . 2007-02-28 02:36 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-11-14 23:14 . 2007-02-28 02:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-11-14 23:14 . 2007-02-28 02:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2010-11-14 23:14 . 2010-11-30 04:14 -------- d-----w- c:\program files\AVS4YOU
    2010-11-14 23:14 . 2007-02-28 02:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-11-14 23:14 . 2007-02-28 02:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-11-14 23:13 . 2010-11-14 23:13 -------- d-----w- c:\program files\AVS Video Converter
    2010-11-14 22:49 . 2010-12-05 00:23 -------- d-----w- c:\users\admin\AppData\Local\CrashDumps
    2010-11-14 21:41 . 2010-11-14 21:41 -------- d-----w- c:\programdata\ArcSoft
    2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\users\admin\AppData\Roaming\Moyea
    2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\users\admin\AppData\Roaming\leawo
    2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\programdata\Leawo
    2010-11-14 21:27 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-14 20:53 . 2010-11-14 20:53 -------- d-----w- c:\users\admin\AppData\Roaming\Panasonic
    2010-11-14 20:53 . 2010-11-14 20:53 -------- d-----w- c:\users\admin\AppData\Local\ArcSoft
    2010-11-14 20:51 . 2005-02-23 22:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-11-14 20:51 . 2010-11-14 20:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-11-14 20:51 . 2010-11-14 20:51 -------- d-----w- c:\windows\system32\MediaImpression Slideshow
    2010-11-14 20:50 . 2010-11-14 20:50 -------- d-----w- c:\program files\ArcSoft
    2010-11-14 20:48 . 2006-02-21 03:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
    2010-11-14 20:48 . 2007-06-15 20:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
    2010-11-14 20:48 . 2007-06-15 20:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
    2010-11-14 20:47 . 2008-09-26 05:07 45056 ----a-w- c:\windows\system32\PhDi2.sys
    2010-11-14 20:47 . 2010-11-14 20:47 -------- d-----w- c:\program files\Panasonic
    2010-11-14 20:39 . 2010-11-14 20:39 -------- d-----w- c:\program files\BitPim
    2010-11-14 00:18 . 2010-11-14 00:18 -------- d-----w- c:\programdata\Elaborate Bytes
    2010-11-13 00:34 . 2010-11-13 00:44 -------- d-----w- c:\program files\CloneDVD2
    2010-11-12 23:16 . 2010-11-12 23:17 -------- d-----w- c:\users\admin\AppData\Roaming\Vso
    2010-11-12 23:16 . 2010-11-12 23:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-11-12 23:16 . 2010-11-12 23:16 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys
    2010-11-12 23:16 . 2010-11-12 23:30 -------- d-----w- c:\program files\DVDFab 8
    2010-11-12 22:52 . 2010-11-14 00:17 -------- d-----w- c:\program files\SlySoft
    2010-11-12 22:39 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
    2010-11-12 22:35 . 2010-11-12 22:35 -------- d-----w- c:\program files\Alcohol Soft
    2010-11-11 16:04 . 2010-11-11 16:04 716272 ----a-w- c:\windows\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-04 23:54 . 2010-02-10 17:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-12-04 05:39 . 2010-10-30 02:40 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-11-02 06:02 . 2010-10-30 20:21 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-30 22:18 . 2010-10-30 22:18 73728 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    2010-10-27 11:59 . 2010-10-27 11:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-10-27 11:08 . 2010-10-27 11:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
    2010-10-27 10:55 . 2010-10-27 10:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 10:55 . 2010-10-27 10:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
    2010-10-27 10:52 . 2010-10-27 10:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 10:51 . 2010-10-27 10:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2010-10-27 10:51 . 2010-10-27 10:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-10-27 10:50 . 2010-10-27 10:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-10-27 10:50 . 2010-10-27 10:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-10-27 10:49 . 2010-10-27 10:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-10-27 10:49 . 2010-10-27 10:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2010-10-27 10:49 . 2010-10-27 10:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-10-27 10:46 . 2010-10-27 10:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
    2010-10-27 10:35 . 2010-10-27 10:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-10-27 10:35 . 2010-10-27 10:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-10-27 10:33 . 2010-10-27 10:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
    2010-10-27 10:28 . 2010-10-27 10:28 4094464 ----a-w- c:\windows\system32\atiumdag.dll
    2010-10-27 10:14 . 2010-10-27 10:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 10:14 . 2010-10-27 10:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-10-27 10:14 . 2010-10-27 10:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
    2010-10-27 10:14 . 2010-10-27 10:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-10-27 10:13 . 2010-10-27 10:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-10-27 10:13 . 2010-10-27 10:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-10-27 10:13 . 2010-10-27 10:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2010-10-27 10:12 . 2010-10-27 10:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-10-27 09:50 . 2010-10-27 09:50 3460096 ----a-w- c:\windows\system32\atiumdva.dll
    2010-10-27 09:37 . 2010-10-27 09:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-10-27 09:37 . 2010-10-27 09:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-19 18:41 . 2010-10-30 00:19 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-05 21:47 . 2010-09-30 00:21 129024 ----a-w- c:\program files\Common Files\Uninstall.exe
    2010-09-16 12:09 . 2010-09-16 12:09 27432 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-09-15 21:19 . 2010-09-15 21:19 89256 ------w- c:\windows\system32\ElbyCDIO.dll
    2010-09-13 13:56 . 2010-10-29 23:10 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01 . 2010-10-29 23:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57 . 2010-10-29 23:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57 . 2010-10-29 23:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56 . 2010-10-29 23:37 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56 . 2010-10-29 23:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04 . 2010-10-29 23:37 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26 . 2010-10-29 23:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25 . 2010-10-29 23:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20 . 2010-10-30 01:03 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19 . 2010-10-30 01:03 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-06 13:45 . 2010-10-30 01:03 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-09-06 13:45 . 2010-10-30 01:03 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-06 13:45 . 2010-10-30 01:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
    2010-11-12 16:51 917744 ----a-w- c:\program files\kikin\ie_kikin.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-11-12 4608]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "Google Update"="c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-03 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 21016]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-11 716272]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys [2010-10-19 353840]
    S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 87064]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
    S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 227352]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-02 102448]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
    - c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 01:45]

    2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
    - c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\users\admin\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-04 22:12
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-04 22:14:35
    ComboFix-quarantined-files.txt 2010-12-05 06:14

    Pre-Run: 170,058,649,600 bytes free
    Post-Run: 170,096,394,240 bytes free

    - - End Of File - - 0A60143F6710B9AA0210210EBC6E36E7
  19. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Combofix log looks fine.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    OTL.txt

    OTL logfile created on: 12/5/2010 9:45:32 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 145.85 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.76 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
    Drive G: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HOME | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    PRC - [2010/11/30 15:02:35 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/03/05 22:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2007/10/10 19:51:56 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2007/08/23 14:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
    PRC - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2005/10/02 18:56:04 | 000,038,400 | ---- | M] () -- C:\Program Files\ABC\abc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    MOD - [2010/11/29 18:00:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
    MOD - [2010/11/29 18:00:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
    MOD - [2010/09/20 11:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\asoehook.dll
    MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/03/05 22:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/23 14:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
    SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/11/22 18:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/11/11 08:04:43 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/11/01 22:04:34 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/11/01 22:04:34 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/11/01 22:04:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/11/01 22:04:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/11/01 22:02:25 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/10/27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/10/19 12:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/09/16 04:09:44 | 000,027,432 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/05/06 01:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010/05/05 20:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/03 17:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/04/10 20:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/05 22:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SWIPsec.sys -- (SWIPsec)
    DRV - [2009/03/04 17:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWVNIC.sys -- (SWVNIC)
    DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/09/17 08:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/02/15 16:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/11/04 08:42:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/11/01 22:02:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/23 18:29:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 18:29:41 | 000,000,000 | ---D | M]

    [2010/11/23 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
    [2010/12/01 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions
    [2010/11/26 16:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/01 21:38:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/01 18:25:47 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
    [2010/12/01 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/01 21:44:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    O1 HOSTS File: ([2010/12/04 22:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/08/21 05:52:11 | 000,000,027 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/05 09:43:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2010/12/04 23:49:46 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
    [2010/12/04 22:22:59 | 000,000,000 | ---D | C] -- C:\Movies
    [2010/12/04 22:14:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/04 22:06:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/04 22:06:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/04 22:06:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/04 22:05:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/04 22:05:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/04 22:05:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/04 22:05:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/04 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\My Games
    [2010/12/04 12:08:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/12/03 22:17:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
    [2010/12/03 22:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2010/12/03 21:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Volition Inc
    [2010/12/03 17:05:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2010/12/03 12:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TheFallTrilogy
    [2010/12/02 17:45:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Google
    [2010/12/02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Deployment
    [2010/12/02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apps
    [2010/12/01 21:44:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\skypePM
    [2010/12/01 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/12/01 21:44:01 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/12/01 21:44:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Skype
    [2010/12/01 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/12/01 21:40:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Yahoo
    [2010/12/01 21:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/12/01 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Yahoo!
    [2010/12/01 21:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/12/01 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ATI
    [2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ATI
    [2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/12/01 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2010/12/01 18:57:33 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
    [2010/12/01 18:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010/12/01 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/12/01 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\kikin
    [2010/12/01 18:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
    [2010/12/01 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\OpenCandy
    [2010/12/01 18:25:34 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenCandy
    [2010/12/01 18:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
    [2010/12/01 18:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\oZone3D
    [2010/12/01 08:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/11/30 19:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/11/30 19:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/11/29 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/29 18:07:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
    [2010/11/29 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/11/28 18:40:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
    [2010/11/28 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/27 13:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/11/27 13:20:40 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/11/26 20:57:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.ABC
    [2010/11/26 20:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\ABC
    [2010/11/26 20:27:59 | 000,000,000 | ---D | C] -- C:\Windows\The Fall Trilogy
    [2010/11/26 20:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\The Fall Trilogy
    [2010/11/26 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
    [2010/11/26 17:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Roads of Rome
    [2010/11/26 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Realore_Whiterra Roads Of Rome
    [2010/11/26 16:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
    [2010/11/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Windows\Youda Marina
    [2010/11/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Marina
    [2010/11/23 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Mozilla
    [2010/11/23 18:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/23 18:06:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
    [2010/11/23 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
    [2010/11/17 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Ahead
    [2010/11/17 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Nero
    [2010/11/17 18:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/11/17 18:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/11/17 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2010/11/14 20:24:00 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010/11/14 20:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/11/14 19:03:32 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\AVS4YOU
    [2010/11/14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Pavtube
    [2010/11/14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Pavtube
    [2010/11/14 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\GetRightToGo
    [2010/11/14 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Emicsoft Studio
    [2010/11/14 15:17:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\AVS4YOU
    [2010/11/14 15:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2010/11/14 15:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2010/11/14 15:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010/11/14 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS Video Converter
    [2010/11/14 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\CrashDumps
    [2010/11/14 13:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2010/11/14 13:28:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Moyea
    [2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Leawo
    [2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\leawo
    [2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
    [2010/11/14 13:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/11/14 13:02:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/11/14 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Panasonic
    [2010/11/14 12:53:35 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ArcSoft
    [2010/11/14 12:51:42 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
    [2010/11/14 12:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/11/14 12:51:31 | 000,126,976 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MediaImpression Slideshow.scr
    [2010/11/14 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\MediaImpression Slideshow
    [2010/11/14 12:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2010/11/14 12:48:05 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
    [2010/11/14 12:48:04 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
    [2010/11/14 12:48:04 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
    [2010/11/14 12:47:22 | 000,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\PhDi2.sys
    [2010/11/14 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
    [2010/11/14 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\bitpim
    [2010/11/14 12:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
    [2010/11/13 16:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
    [2010/11/12 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\CloneDVD2
    [2010/11/12 15:28:38 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\DVDFab
    [2010/11/12 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\admin\AppData\Roaming\pcouffin.sys
    [2010/11/12 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Vso
    [2010/11/12 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\PcSetup
    [2010/11/12 15:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
    [2010/11/12 14:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
    [2010/11/12 14:39:07 | 000,334,792 | ---- | C] (Alcohol Soft Development Team) -- C:\Windows\System32\_AxShlEx.dll
    [2010/11/12 14:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
    [2010/11/11 08:01:05 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\AnyDVDHD
    [2010/11/11 07:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
    [2010/11/11 07:40:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Adobe
    [2010/11/11 07:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/11/11 07:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/11 07:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/11/10 17:43:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2010/11/07 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
    [2010/11/06 10:11:19 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple Computer
    [2010/11/06 10:11:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
    [2010/11/06 10:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/06 10:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/06 10:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/06 09:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/11/06 09:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/11/06 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple
    [2010/11/06 09:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/11/06 09:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/11/06 09:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010/11/06 09:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/05 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
    [2010/11/05 10:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2010/11/05 10:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2010/11/05 10:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2010/11/05 10:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
    [2010/11/05 10:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2010/09/29 16:21:30 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
  21. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    OTl.txt (cont)

    ========== Files - Modified Within 30 Days ==========

    [2010/12/05 09:46:15 | 001,827,150 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
    [2010/12/05 09:43:31 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2010/12/05 09:43:23 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/05 09:43:23 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/05 09:37:08 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/05 09:37:07 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/05 09:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/05 09:37:01 | 3485,667,328 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/05 00:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
    [2010/12/04 23:36:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/12/04 23:36:42 | 000,040,448 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/04 22:12:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/04 21:56:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
    [2010/12/04 15:54:07 | 000,013,415 | ---- | M] () -- C:\Users\admin\Desktop\x3daudio1_7.zip
    [2010/12/04 13:38:21 | 000,017,963 | ---- | M] () -- C:\Users\admin\Desktop\5570.gif
    [2010/12/03 18:07:18 | 000,000,993 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Alcohol 120%.lnk
    [2010/12/02 18:00:11 | 371,780,828 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/02 17:46:33 | 000,002,006 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/02 17:41:12 | 053,123,856 | ---- | M] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
    [2010/12/01 21:44:58 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2010/12/01 21:44:02 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/12/01 21:38:04 | 000,000,968 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/12/01 18:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2010/12/01 18:57:53 | 000,001,356 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/12/01 18:14:08 | 000,000,280 | ---- | M] () -- C:\Windows\System32\.crusader
    [2010/11/27 13:00:13 | 016,776,864 | ---- | M] () -- C:\Users\admin\Desktop\R167384.EXE
    [2010/11/27 12:59:39 | 003,892,272 | ---- | M] () -- C:\Users\admin\Desktop\CW1337A0.exe
    [2010/11/27 12:59:28 | 002,192,630 | ---- | M] () -- C:\Users\admin\Desktop\R154069.exe
    [2010/11/26 20:26:35 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/11/26 16:24:19 | 000,000,552 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d8caps.dat
    [2010/11/23 18:29:44 | 000,001,750 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/23 18:29:44 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/17 18:16:59 | 000,002,536 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2010/11/17 18:16:59 | 000,002,438 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
    [2010/11/17 18:15:19 | 000,001,024 | ---- | M] () -- C:\Users\admin\.rnd
    [2010/11/15 17:51:47 | 000,232,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/14 13:41:53 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
    [2010/11/14 13:09:12 | 000,000,940 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/12 15:16:44 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\admin\AppData\Roaming\pcouffin.sys
    [2010/11/12 15:16:44 | 000,007,887 | ---- | M] () -- C:\Users\admin\AppData\Roaming\pcouffin.cat
    [2010/11/12 15:16:44 | 000,001,144 | ---- | M] () -- C:\Users\admin\AppData\Roaming\pcouffin.inf
    [2010/11/12 15:16:42 | 000,000,766 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [2010/11/11 08:04:43 | 000,716,272 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/11/11 07:39:25 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/05 10:10:42 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2010/11/05 09:49:23 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/04 22:34:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/12/04 22:06:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/04 22:06:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/04 22:06:11 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/04 22:06:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/04 22:06:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/04 15:54:13 | 000,013,415 | ---- | C] () -- C:\Users\admin\Desktop\x3daudio1_7.zip
    [2010/12/04 13:38:21 | 000,017,963 | ---- | C] () -- C:\Users\admin\Desktop\5570.gif
    [2010/12/03 18:07:18 | 000,000,993 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Alcohol 120%.lnk
    [2010/12/02 17:46:32 | 000,002,006 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/02 17:45:43 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
    [2010/12/02 17:45:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
    [2010/12/02 17:41:10 | 053,123,856 | ---- | C] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
    [2010/12/01 21:44:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/12/01 21:44:02 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/12/01 21:38:03 | 000,000,968 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/12/01 19:01:18 | 3485,667,328 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/01 18:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/12/01 18:14:08 | 000,000,280 | ---- | C] () -- C:\Windows\System32\.crusader
    [2010/11/30 19:22:31 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/11/27 13:00:13 | 016,776,864 | ---- | C] () -- C:\Users\admin\Desktop\R167384.EXE
    [2010/11/27 12:59:34 | 003,892,272 | ---- | C] () -- C:\Users\admin\Desktop\CW1337A0.exe
    [2010/11/27 12:59:22 | 002,192,630 | ---- | C] () -- C:\Users\admin\Desktop\R154069.exe
    [2010/11/26 16:24:19 | 000,000,552 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d8caps.dat
    [2010/11/23 18:37:05 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2010/11/23 18:29:44 | 000,001,750 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/23 18:29:43 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/23 18:17:33 | 371,780,828 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/20 19:06:43 | 000,001,356 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/11/17 18:16:59 | 000,002,536 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2010/11/17 18:16:59 | 000,002,438 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
    [2010/11/17 18:15:17 | 000,001,024 | ---- | C] () -- C:\Users\admin\.rnd
    [2010/11/14 13:41:53 | 000,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
    [2010/11/14 13:27:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/11/14 13:09:12 | 000,000,940 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/14 12:49:50 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
    [2010/11/14 12:49:50 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
    [2010/11/14 12:49:50 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
    [2010/11/14 12:49:50 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
    [2010/11/14 12:49:50 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
    [2010/11/14 12:49:50 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
    [2010/11/14 12:49:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
    [2010/11/14 12:49:50 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2010/11/14 12:49:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2010/11/14 12:49:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2010/11/12 15:17:18 | 000,000,034 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.log
    [2010/11/12 15:16:44 | 000,007,887 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.cat
    [2010/11/12 15:16:44 | 000,001,144 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.inf
    [2010/11/12 15:16:42 | 000,000,766 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [2010/11/12 15:00:12 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/11/11 08:04:43 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/11/11 07:39:24 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
    [2010/11/10 17:41:32 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2010/11/10 17:41:32 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2010/11/10 17:41:32 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2010/11/05 10:11:20 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/11/05 10:11:20 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/11/05 10:11:20 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/11/05 10:11:20 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/11/05 10:11:20 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/11/05 10:11:20 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/11/05 10:11:20 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/11/05 10:11:20 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
    [2010/11/05 10:11:20 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/11/05 10:11:20 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
    [2010/11/05 10:11:20 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
    [2010/11/05 10:11:20 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
    [2010/11/05 10:11:20 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
    [2010/11/05 10:11:20 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
    [2010/11/05 10:11:20 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/11/05 10:11:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/11/05 10:11:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/11/05 10:11:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/11/05 10:11:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/11/05 10:11:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/11/05 10:11:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/11/05 10:11:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/11/05 10:10:42 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2010/10/29 18:40:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/10/29 15:50:56 | 000,040,448 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/11/28 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.ABC
    [2010/11/05 13:25:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
    [2010/11/14 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
    [2010/12/01 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\kikin
    [2010/11/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\leawo
    [2010/11/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Moyea
    [2010/12/01 18:25:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenCandy
    [2010/11/14 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Panasonic
    [2010/11/14 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Pavtube
    [2010/11/12 15:17:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vso
    [2010/12/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YoudaGames
    [2010/12/05 01:07:46 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/10/29 13:44:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/12/04 22:14:36 | 000,024,287 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/03/12 00:28:03 | 000,004,795 | RH-- | M] () -- C:\dell.sdr
    [2010/12/05 09:37:01 | 3485,667,328 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/06 14:00:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/06 14:00:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/05 09:37:00 | 3801,366,528 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/14 13:41:53 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/10/29 18:53:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/14 13:41:27 | 000,000,928 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/02 17:41:12 | 053,123,856 | ---- | M] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
    [2010/11/27 12:59:39 | 003,892,272 | ---- | M] () -- C:\Users\admin\Desktop\CW1337A0.exe
    [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2010/11/27 12:59:28 | 002,192,630 | ---- | M] () -- C:\Users\admin\Desktop\R154069.exe
    [2010/11/27 13:00:13 | 016,776,864 | ---- | M] () -- C:\Users\admin\Desktop\R167384.EXE

    < %PROGRAMFILES%\Common Files\*.* >
    [2010/10/05 13:47:54 | 000,129,024 | ---- | M] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/11/23 18:39:53 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/11/23 18:39:23 | 001,056,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/14 13:41:30 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/26 20:26:35 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9FFN4TK1RVLNGCMLLJG7JYKLPYUKVM9VMVFVVR4TP
    @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2V6GFMVF9KFNYTKBRVLNGCMPVJDKJ9F11HELPS9UTTAWNNJ2VL1J55TYFXM4CFLLP5T68H06VCEVXGVMVK5VRJKT
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFE0B1EF

    < End of report >
  22. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    Extra.txt

    OTL Extras logfile created on: 12/5/2010 9:45:32 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 145.85 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.76 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
    Drive G: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HOME | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03531DFA-6ADC-44BC-93A9-18B41DBA2DF7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{08C5657B-A983-4FCD-85EC-1443A8122E63}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{176A7037-0511-44D9-8D7E-42C8A4AD1437}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{1AA8469B-B1EA-47EF-8BB9-E67D0B090F1B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{271634F4-3370-46A0-9874-5E6B283B0EAF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{36BBC98F-F398-4E0F-809D-616C8B89BF8C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{3B7CC63C-19FF-4DEC-B8DF-A20807F40CA5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{404A8008-686D-4EE3-BFC2-514B56032B9D}" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
    "{477B6B93-7D06-4690-B0FA-194F5CA7E3C1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{539E7823-D429-402C-B6D5-A764A2897ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{66BDB4C5-DB58-46E7-94F7-F8A6F3CF9746}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{684D6D40-8A4B-403A-8B8C-B9A6758F885E}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{839F989F-85CC-4A3B-9218-0295C58A08A4}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{9368A231-41A8-4D68-9012-D1EA6C535446}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{A1FA78F7-8139-46A0-853A-5832DB53995A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{ACCAFAEB-0229-4AEE-9FC5-842308F9DA1F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{CA24283A-639B-46D3-A083-03036086F17A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CE2BAE7F-8FE8-45EE-A157-929D416E0B75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D8F68515-6F41-4E7D-B180-33784A8A58FD}" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
    "{D9B63DF6-D05E-4B1A-AD11-6DA3194E7171}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{E99D8923-EF00-46EF-9FF0-37DC89198A88}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{F0009A31-34D5-4237-9BB5-B3EE46B9828A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch
    "{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean
    "{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
    "{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai
    "{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
    "{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian
    "{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
    "{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
    "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
    "{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian
    "{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.5.0
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish
    "{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
    "{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
    "{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard
    "{7042FC7D-ED2E-4C93-B3AA-63D117D31033}" = Nero 8
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7DCB635C-D999-9496-A6D1-AAABD23A04FD}" = ATI AVIVO Codecs
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
    "{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
    "{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
    "{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional
    "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
    "{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
    "{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
    "{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.8
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
    "{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
    "{F768C380-A17C-B2DE-77CC-AB35434BE818}" = ccc-utility
    "{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "{FBD77AF9-B6DA-7383-14D8-FDC7CEBD2ADC}" = ATI Catalyst Install Manager
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "ABC" = ABC (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVS Screen Capture_is1" = AVS Screen Capture version 1.1.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor_is1" = AVS Video Editor 5
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CloneDVD2" = CloneDVD2
    "DivX Codec" = DivX Codec
    "DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
    "HitmanPro35" = Hitman Pro 3.5
    "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "N360" = Norton 360
    "NVIDIA Drivers" = NVIDIA Drivers
    "The Fall Trilogy1.0" = The Fall Trilogy
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Youda Marina1.01" = Youda Marina
    "Youda Survivor 1.00" = Youda Survivor 1.00

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/4/2010 2:17:20 AM | Computer Name = HOME | Source = System Restore | ID = 8193
    Description =

    Error - 12/4/2010 2:17:51 AM | Computer Name = HOME | Source = System Restore | ID = 8193
    Description =

    Error - 12/4/2010 1:53:19 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
    Description =

    Error - 12/4/2010 4:05:03 PM | Computer Name = HOME | Source = System Restore | ID = 8193
    Description =

    Error - 12/4/2010 4:14:38 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
    Description =

    Error - 12/4/2010 7:54:33 PM | Computer Name = HOME | Source = Application Error | ID = 1000
    Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
    faulting module X3DAudio1_7.dll, version 6.0.6002.18005, time stamp 0x49e03821,
    exception code 0xc0000135, fault offset 0x00009eed, process id 0x16f4, application
    start time 0x01cb940e4e448e80.

    Error - 12/4/2010 7:54:45 PM | Computer Name = HOME | Source = Application Error | ID = 1000
    Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
    faulting module metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f, exception
    code 0xc0000005, fault offset 0x004b164f, process id 0x1364, application start time
    0x01cb940e9d88daa0.

    Error - 12/4/2010 8:22:48 PM | Computer Name = HOME | Source = Application Error | ID = 1000
    Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
    faulting module metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f, exception
    code 0xc0000005, fault offset 0x003e4f0f, process id 0x176c, application start time
    0x01cb9412884cb590.

    Error - 12/5/2010 3:05:46 AM | Computer Name = HOME | Source = Application Error | ID = 1000
    Description = Faulting application abc.exe, version 0.0.0.0, time stamp 0x431f03f4,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x5be9d84d, process id 0x1024, application start time 0x01cb944a8e9fbfe0.

    Error - 12/5/2010 1:38:43 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/6/2010 2:06:32 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/6/2010 2:08:40 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
    Description =

    Error - 11/7/2010 1:25:36 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/11/2010 11:37:33 AM | Computer Name = HOME | Source = WinDefend | ID = 3006
    Description = %%827 Real-Time Protection agent has encountered an error when taking
    action on spyware or other potentially unwanted software. For more information please
    see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Alureon.V&threatid=152591

    Scan
    ID: {69AE1CF8-F88B-4487-9AF4-1D5FC3623094} User: HOME\admin Name: TrojanDropper:Win32/Alureon.V

    ID:
    152591 Severity ID: 5 Category ID: 37 Path: Alert Type: %%805 Action: %%811 Error Code:
    0x80508025 Error description: To see how to finish removing spyware and other potentially
    unwanted software, see this support article on the Microsoft Security website.

    Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = DCOM | ID = 10005
    Description =

    Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/11/2010 12:02:49 PM | Computer Name = HOME | Source = WinDefend | ID = 3006
    Description = %%827 Real-Time Protection agent has encountered an error when taking
    action on spyware or other potentially unwanted software. For more information please
    see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Alureon.V&threatid=152591

    Scan
    ID: {753E4E4C-2747-4B13-9037-77696AAF97FA} User: HOME\admin Name: TrojanDropper:Win32/Alureon.V

    ID:
    152591 Severity ID: 5 Category ID: 37 Path: Alert Type: %%805 Action: %%811 Error Code:
    0x80508025 Error description: To see how to finish removing spyware and other potentially
    unwanted software, see this support article on the Microsoft Security website.

    Error - 11/12/2010 6:59:52 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/12/2010 7:13:09 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
  23. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52


    Hitman Pro no longer gives the message and displays that no malware was found.
  24. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Good :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9FFN4TK1RVLNGCMLLJG7JYKLPYUKVM9VMV FVVR4TP
      @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2V6GFMVF9KFNYTKBRVLNGCMPVJDKJ9F11HELPS9UTT AWNNJ2VL1J55TYFXM4CFLLP5T68H06VCEVXGVMVK5VRJKT
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFE0B1EF
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  25. nikkhasnsi

    nikkhasnsi Newcomer, in training Topic Starter Posts: 52

    JavaRa log

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Dec 05 16:27:59 2010

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    ------------------------------------

    Finished reporting.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.