Solved Suspected malware: google links do not open...please help

[nikkhasnsi]

Hello,

I have seen this topic many time on this forum. My google link do not open correctly and open different sites.

I ran Hitman Pro 3.5. It indicates "Possible variant of of the TDL3 (alias Alureon) rootkit detected"

Cna someone please help me?

Thanks

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[nikkhasnsi]

Welcome aboard
[*][color=red][b]I close my topics if you have not replied in 5 days[/b].[/color] If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
[/list][/QUOTE]

Thanks, I will perfor the steps and let you know. I may require more than 5 days as I can only do these in the evening (after I get home form work) or weekends.

Thanks

 

[Broni]

No problem.
I'm not talking about 5 days overall, but 5 days without a word from you.

 

[nikkhasnsi]

Was able to do 2 steps, well actually 1.

Step 1: I already have Norton
Step 2: Ran TFC. It removed some items from my temp folder, but after reboot it gave some system errors and could not find my setting. I did another reboot and thing were back to normal.

Do all steps have to be done the same day?

 

[nikkhasnsi]

Google Chrome seems to work fine ie the links are working fine. Did the same in IE and the links get redirected.

How come the malware affects IE but not Chrome?

BTW: Not plugging Chrome, tried it for the first time myself.

 

[nikkhasnsi]

Avira Scan results

Avira AntiVir Personal
Report file date: Thursday, December 02, 2010 18:13

Scanning for 3115420 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/3/2010 00:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/3/2010 00:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 01:46:13
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:46:15
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:46:16
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:46:17
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 01:46:17
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 01:46:18
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:46:19
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 01:46:20
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 01:46:21
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 01:46:21
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 01:46:22
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 01:46:22
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 01:46:23
VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 01:46:24
VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 01:46:25
VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 01:46:26
VBASE024.VDF : 7.10.14.148 2048 Bytes 11/30/2010 01:46:26
VBASE025.VDF : 7.10.14.149 2048 Bytes 11/30/2010 01:46:26
VBASE026.VDF : 7.10.14.150 2048 Bytes 11/30/2010 01:46:27
VBASE027.VDF : 7.10.14.151 2048 Bytes 11/30/2010 01:46:27
VBASE028.VDF : 7.10.14.152 2048 Bytes 11/30/2010 01:46:27
VBASE029.VDF : 7.10.14.153 2048 Bytes 11/30/2010 01:46:27
VBASE030.VDF : 7.10.14.154 2048 Bytes 11/30/2010 01:46:27
VBASE031.VDF : 7.10.14.171 115712 Bytes 12/2/2010 01:46:29
Engineversion : 8.2.4.118
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/3/2010 01:46:42
AESCN.DLL : 8.1.7.2 127349 Bytes 12/3/2010 01:46:40
AESBX.DLL : 8.1.3.2 254324 Bytes 12/3/2010 01:46:44
AERDL.DLL : 8.1.9.2 635252 Bytes 12/3/2010 01:46:38
AEPACK.DLL : 8.2.4.1 512375 Bytes 12/3/2010 01:46:36
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/3/2010 01:46:34
AEHEUR.DLL : 8.1.2.50 3101046 Bytes 12/3/2010 01:46:34
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/3/2010 01:46:31
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/3/2010 01:46:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/3/2010 01:46:30
AECORE.DLL : 8.1.19.0 196984 Bytes 12/3/2010 01:46:30
AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/3/2010 00:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/3/2010 00:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, H:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, December 02, 2010 18:13

Starting search for hidden objects.
While loading the module (AVARKT.DLL) the following error occured:
The file does not exist!
AVARKT.DLL

The scan of running processes will be started
Scan process 'chrome.exe' - '74' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'avscan.exe' - '35' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '41' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '57' Module(s) have been scanned
Scan process 'Explorer.EXE' - '161' Module(s) have been scanned
Scan process 'iPodService.exe' - '40' Module(s) have been scanned
Scan process 'CCC.exe' - '199' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '45' Module(s) have been scanned
Scan process 'taskmgr.exe' - '42' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '67' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '55' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '38' Module(s) have been scanned
Scan process 'MOM.exe' - '62' Module(s) have been scanned
Scan process 'avgnt.exe' - '58' Module(s) have been scanned
Scan process 'DllHost.exe' - '28' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '29' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '85' Module(s) have been scanned
Scan process 'EEventManager.exe' - '80' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '92' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '71' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'SWGVCSvc.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'NBService.exe' - '41' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '151' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '81' Module(s) have been scanned
Scan process 'avshadow.exe' - '36' Module(s) have been scanned
Scan process 'MagicTuneEngine.exe' - '41' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '25' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '38' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'ACService.exe' - '31' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '54' Module(s) have been scanned
Scan process 'Dwm.exe' - '44' Module(s) have been scanned
Scan process 'taskeng.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'atieclxx.exe' - '40' Module(s) have been scanned
Scan process 'SLsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'winlogon.exe' - '38' Module(s) have been scanned
Scan process 'lsm.exe' - '34' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '41' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '34' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1008' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
[0] Archive type: HIDDEN
[DETECTION] Is the TR/Dropper.Gen Trojan
--> FIL\\\?\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\' <RECOVERY>
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [3]: The system cannot find the path specified.

Beginning disinfection:
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
[WARNING] The file could not be selected for deletion after the restart. Possible cause: Access is denied.

The repair notes were written to the file 'C:\avrescue\rescue.avp'.

============================================================
The file 'C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26004.
The source file could not be found.
Attempting to perform action using the ARK library.
The file could not be copied to quarantine!
An exception has been identified!
The file could not be selected for deletion after the restart. Possible cause: Access is denied.
===========================================================================
The file 'C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FD757D3C-928E-4DF9-A315-4EC0A54B8134}\{BE2681B3-CE5A-4BB5-99F9-847BE310561F}.qbd'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name '517bdc7b.qua'.

 

[Broni]

Do all steps have to be done the same day?

No.
Please continue...

 

[nikkhasnsi]

Malwarebytes' Anti-Malware 1.50 Result

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/3/2010 6:19:24 PM
mbam-log-2010-12-03 (18-19-24).txt

Scan type: Quick scan
Objects scanned: 143639
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[nikkhasnsi]

GMER Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-03 18:06:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250310AS rev.3.ADA
Running: GMER.exe; Driver: C:\Users\admin\AppData\Local\Temp\fxldipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 488280994 (+254): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-3 8748BAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84D421F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8748BAEA
Device \Driver\atapi \Device\Ide\IdePort0 84D421F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8748BAEA
Device \Driver\atapi \Device\Ide\IdePort1 84D421F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8748BAEA
Device \Driver\atapi \Device\Ide\IdePort2 84D421F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8748BAEA
Device \Driver\atapi \Device\Ide\IdePort3 84D421F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-2 8748BAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84D421F8
Device \Driver\agyoh4d0 \Device\Scsi\agyoh4d01Port5Path0Target0Lun0 8690A1F8
Device \Driver\agyoh4d0 \Device\Scsi\agyoh4d01 8690A1F8
Device \FileSystem\Ntfs \Ntfs 84D431F8
Device \FileSystem\fastfat \Fat 889911F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250310AS_____________________________3.ADA___#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

 

[nikkhasnsi]

DDS Log

DDS (Ver_10-11-27.01) - NTFSx86
Run by admin at 18:09:34.43 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1968 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\admin\Desktop\DDS by sUBs.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SF150.tmp" /EF "HKCU"
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SA565.tmp" /EF "HKCU"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\fdi9ug62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\users\admin\appdata\roaming\mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-4 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-4 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-4 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101130.001\IDSvix86.sys [2010-10-19 353840]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-10-30 87064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-4 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-11-4 339504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-2 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-2 60936]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-11-4 126392]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-27 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-12 102448]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-04 01:05:01 -------- d-----w- c:\windows\system32\directx
2010-12-03 23:51:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-12-03 20:04:09 -------- d-----w- c:\progra~2\TheFallTrilogy
2010-12-03 19:45:44 -------- d-----w- c:\program files\METRO 2033
2010-12-03 01:50:43 -------- d-----w- c:\users\admin\appdata\roaming\Avira
2010-12-03 01:45:38 -------- d-----w- c:\users\admin\appdata\local\Google
2010-12-03 01:45:12 -------- d-----w- c:\users\admin\appdata\local\Deployment
2010-12-03 01:45:12 -------- d-----w- c:\users\admin\appdata\local\Apps
2010-12-03 01:44:35 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-03 01:44:31 -------- d-----w- c:\program files\Avira
2010-12-03 01:44:31 -------- d-----w- c:\progra~2\Avira
2010-12-02 05:44:01 -------- d-----r- c:\program files\Skype
2010-12-02 05:40:06 -------- d-----w- c:\users\admin\appdata\local\Yahoo
2010-12-02 05:37:21 -------- d-----w- c:\program files\Yahoo!
2010-12-02 03:04:21 -------- d-----w- c:\users\admin\appdata\local\ATI
2010-12-02 02:58:38 -------- d-----w- c:\program files\common files\ATI Technologies
2010-12-02 02:58:25 105488 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2010-12-02 02:58:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-02 02:57:34 319456 ----a-w- c:\windows\system32\Difxapi.dll
2010-12-02 02:57:33 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-02 02:56:47 -------- d-----w- c:\program files\ATI Technologies
2010-12-02 02:56:46 -------- d-----w- c:\program files\ATI
2010-12-02 02:46:50 753664 ----a-w- c:\windows\system32\nvcplui.exe
2010-12-02 02:46:50 413696 ----a-w- c:\windows\system32\nvcpl.cpl
2010-12-02 02:46:50 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2010-12-02 02:46:50 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2010-12-02 02:25:46 -------- d-----w- c:\users\admin\appdata\roaming\kikin
2010-12-02 02:25:46 -------- d-----w- c:\program files\kikin
2010-12-02 02:25:37 -------- d-----w- c:\users\admin\appdata\local\OpenCandy
2010-12-02 02:25:34 -------- d-----w- c:\users\admin\appdata\roaming\OpenCandy
2010-12-02 02:25:32 -------- d-----w- c:\program files\Phyxion.net
2010-12-02 02:23:13 -------- d-----w- c:\program files\oZone3D
2010-12-01 16:53:33 -------- d-----w- c:\program files\MSXML 4.0
2010-12-01 16:31:47 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-01 16:31:34 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d9e27a02-2591-454f-8a61-2c3d55cd2011}\mpengine.dll
2010-12-01 03:22:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-01 03:22:30 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-01 03:21:56 -------- d-----w- c:\progra~2\Hitman Pro
2010-11-30 02:08:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 02:08:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 02:08:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 02:40:01 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-11-29 02:39:41 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-27 21:20:40 -------- d-----w- C:\Intel
2010-11-27 20:58:14 521128 ----a-w- c:\windows\system32\dpinst.exe
2010-11-27 04:57:43 -------- d-----w- c:\users\admin\appdata\roaming\.ABC
2010-11-27 04:56:48 -------- d-----w- c:\program files\ABC
2010-11-27 04:27:59 -------- d-----w- c:\windows\The Fall Trilogy
2010-11-27 04:27:59 -------- d-----w- c:\program files\The Fall Trilogy
2010-11-27 01:48:10 -------- d-----w- c:\program files\Youdagames
2010-11-27 01:40:48 -------- d-----w- c:\program files\Roads of Rome
2010-11-27 00:24:37 -------- d-----w- c:\users\admin\appdata\roaming\Realore_Whiterra Roads Of Rome
2010-11-27 00:24:07 -------- d-----w- c:\progra~2\Youdagames
2010-11-26 03:15:00 -------- d-----w- c:\windows\Youda Marina
2010-11-26 03:15:00 -------- d-----w- c:\program files\Youda Marina
2010-11-24 02:07:39 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-11-24 02:07:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-11-24 02:07:39 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-11-24 02:07:39 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-11-24 02:07:38 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-11-24 02:07:33 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-11-24 02:07:33 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-11-24 02:06:18 45056 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-11-24 02:06:13 -------- d-----w- c:\windows\system32\vmm32
2010-11-24 02:06:13 -------- d-----w- c:\program files\Dell
2010-11-18 02:17:17 -------- d-----w- c:\users\admin\appdata\local\Ahead
2010-11-18 02:13:00 -------- d-----w- c:\program files\Nero
2010-11-18 02:13:00 -------- d-----w- c:\progra~2\Nero
2010-11-15 04:24:00 90112 ----a-w- c:\windows\unvise32.exe
2010-11-15 04:23:28 -------- d-----w- c:\program files\DivX
2010-11-15 02:56:31 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-11-15 02:56:30 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-11-15 02:11:47 -------- d-----w- c:\users\admin\appdata\roaming\Pavtube
2010-11-15 02:09:52 -------- d-----w- c:\users\admin\appdata\roaming\GetRightToGo
2010-11-14 23:17:09 -------- d-----w- c:\users\admin\appdata\roaming\AVS4YOU
2010-11-14 23:17:06 -------- d-----w- c:\progra~2\AVS4YOU
2010-11-14 23:14:34 -------- d-----w- c:\program files\common files\AVSMedia
2010-11-14 23:14:33 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-11-14 23:14:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-11-14 23:14:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-11-14 23:14:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-11-14 23:14:32 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-11-14 23:14:32 -------- d-----w- c:\program files\AVS4YOU
2010-11-14 23:13:44 -------- d-----w- c:\program files\AVS Video Converter
2010-11-14 22:49:12 -------- d-----w- c:\users\admin\appdata\local\CrashDumps
2010-11-14 21:41:45 -------- d-----w- c:\progra~2\ArcSoft
2010-11-14 21:28:09 -------- d-----w- c:\users\admin\appdata\roaming\Moyea
2010-11-14 21:28:07 -------- d-----w- c:\users\admin\appdata\roaming\leawo
2010-11-14 21:28:07 -------- d-----w- c:\progra~2\Leawo
2010-11-14 21:27:22 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-14 20:53:35 -------- d-----w- c:\users\admin\appdata\local\ArcSoft
2010-11-14 20:51:42 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-14 20:51:31 126976 ----a-w- c:\windows\system32\MediaImpression Slideshow.scr
2010-11-14 20:51:04 -------- d-----w- c:\windows\system32\MediaImpression Slideshow
2010-11-14 20:48:05 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-11-14 20:48:04 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-11-14 20:48:04 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-11-14 20:47:22 45056 ----a-w- c:\windows\system32\PhDi2.sys
2010-11-14 20:39:09 -------- d-----w- c:\program files\BitPim
2010-11-14 00:18:05 -------- d-----w- c:\progra~2\Elaborate Bytes
2010-11-13 00:34:07 -------- d-----w- c:\program files\CloneDVD2
2010-11-12 23:16:44 87608 ----a-w- c:\users\admin\appdata\roaming\inst.exe
2010-11-12 23:16:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-11-12 23:16:44 47360 ----a-w- c:\users\admin\appdata\roaming\pcouffin.sys
2010-11-12 23:16:35 -------- d-----w- c:\program files\DVDFab 8
2010-11-12 22:52:51 -------- d-----w- c:\program files\SlySoft
2010-11-12 22:39:07 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-11-12 22:35:25 -------- d-----w- c:\program files\Alcohol Soft
2010-11-11 16:04:43 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-11 15:40:15 -------- d-----w- c:\users\admin\appdata\local\Adobe
2010-11-11 01:09:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-07 22:35:24 -------- d-----w- c:\users\admin\appdata\local\Microsoft Games
2010-11-06 18:11:19 -------- d-----w- c:\users\admin\appdata\local\Apple Computer
2010-11-06 18:09:25 -------- d-----w- c:\program files\iPod
2010-11-06 18:09:24 -------- d-----w- c:\program files\iTunes
2010-11-06 18:09:24 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-06 17:58:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-06 17:56:29 -------- d-----w- c:\users\admin\appdata\local\Apple
2010-11-06 17:53:57 -------- d-----w- c:\program files\Bonjour
2010-11-05 20:49:37 77824 ----a-w- c:\windows\system32\EBAPI.dll
2010-11-05 20:49:37 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2010-11-05 20:49:37 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2010-11-05 20:49:37 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2010-11-05 20:49:37 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2010-11-05 18:16:11 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-11-05 18:16:11 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-11-05 18:16:11 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-11-05 18:16:11 457611 ----a-w- c:\windows\system32\enppui.dll
2010-11-05 18:16:11 249344 ----a-w- c:\windows\system32\enspres.dll
2010-11-05 18:16:11 249344 ----a-w- c:\windows\system32\enpres.dll
2010-11-05 18:16:10 -------- d-----w- c:\program files\EpsonNet
2010-11-05 18:15:03 -------- d-----w- c:\program files\common files\EPSON
2010-11-05 18:13:38 282624 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2010-11-05 18:10:41 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-11-05 18:10:41 15872 ----a-w- c:\windows\system32\escdev.dll
2010-11-05 18:10:41 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-11-05 18:10:37 -------- d-----w- c:\program files\epson
2010-11-05 18:04:22 93696 ----a-w- c:\windows\system32\E_FLBFJA.DLL
2010-11-05 18:04:22 79360 ----a-w- c:\windows\system32\E_FD4BFJA.DLL
2010-11-05 18:04:14 -------- d-----w- c:\progra~2\EPSON
2010-11-04 16:43:05 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-11-04 16:43:05 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-11-04 16:43:05 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-11-04 16:43:05 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-11-04 16:43:05 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-11-04 16:43:05 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-11-04 16:43:05 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-11-04 16:42:53 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005

==================== Find3M ====================

2010-10-27 11:08:18 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 10:55:32 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 10:55:24 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 10:52:18 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 10:51:56 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 10:51:28 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 10:50:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 10:50:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 10:49:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 10:49:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 10:49:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 10:46:58 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 10:35:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 10:35:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 10:33:52 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 10:28:22 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 10:14:50 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 10:14:42 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 10:14:32 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 10:13:36 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 10:13:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 10:13:04 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-27 09:50:10 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 09:37:14 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 09:37:14 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 21:47:54 129024 ----a-w- c:\program files\common files\Uninstall.exe
2010-09-15 21:19:55 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8748BEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8556b872; SUB DWORD [EBP-0x4], 0x8556b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82256962] -> \Device\Harddisk0\DR0[0x861B3400]
3 CLASSPNP[0x8B3A18B3] -> ntkrnlpa!IofCallDriver[0x82256962] -> [0x85B2DA08]
5 acpi[0x8AC136BC] -> ntkrnlpa!IofCallDriver[0x82256962] -> [0x85B5EB98]
[0x869608E8] -> IRP_MJ_CREATE -> 0x8748BEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250310AS_____________________________3.ADA___#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8748BAEA
\Driver\atapi -> 0x84d421f8
user & kernel MBR OK
sectors 488281248 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 18:10:53.92 ===============

 

[nikkhasnsi]

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/29/2010 10:59:42 AM
System Uptime: 12/3/2010 4:43:04 PM (2 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 169.191 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.764 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABC (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI AVIVO Codecs
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
AVS Screen Capture version 1.1.2
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.3
BitPim 1.0.7
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix XenApp Web Plugin
CloneDVD2
Dell Resource CD
DivX Codec
Driver Sweeper version 2.5.0
DVDFab 8.0.0.5 (25/08/2010)
Epson Event Manager
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
Google Chrome
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
iTunes
kikin plugin 2.8
LG USB Modem driver
MagicTune Premium
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Norton 360
NVIDIA Drivers
NVIDIA PhysX
oZone3D.Net FurMark v1.8.2
PHOTOfunSTUDIO HD Edition
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.0
SonicWALL Global VPN Client
The Fall Trilogy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Youda Marina
Youda Survivor 1.00

==== Event Viewer Messages From Past Week ========

12/3/2010 4:45:23 PM, Error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
12/2/2010 6:06:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/2/2010 6:00:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:11 PM on 12/2/2010 was unexpected.
12/2/2010 5:45:24 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/2/2010 10:14:29 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 7:16:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
12/1/2010 7:14:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/1/2010 7:14:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
12/1/2010 7:12:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
12/1/2010 6:45:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Samsung - Display - SyncMaster 2494LW(Digital).
12/1/2010 6:37:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/1/2010 6:37:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/1/2010 6:37:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC eeCtrl ElbyCDIO IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SWIPsec SymIRON SYMTDIv tdx Wanarpv6
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2010 6:37:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2010 6:37:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/1/2010 6:37:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/1/2010 6:37:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/1/2010 6:37:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/1/2010 6:37:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/1/2010 6:32:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:20 PM on 12/1/2010 was unexpected.
12/1/2010 5:42:01 PM, Error: EventLog [6008] - The previous system shutdown at 8:56:53 AM on 12/1/2010 was unexpected.

==== End Of File ===========================

 

[Broni]

You're running two AV programs, Avira and Norton.
One of them has to go.
If Norton, use this tool to remove it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

=====================================================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[nikkhasnsi]

Heh...i thought the more the better for Anti virus..i guess not..i kept norton



2010/12/03 21:37:42.0978 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/03 21:37:42.0978 ================================================================================
2010/12/03 21:37:42.0978 SystemInfo:
2010/12/03 21:37:42.0978
2010/12/03 21:37:42.0978 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/03 21:37:42.0978 Product type: Workstation
2010/12/03 21:37:42.0979 ComputerName: HOME
2010/12/03 21:37:42.0979 UserName: admin
2010/12/03 21:37:42.0979 Windows directory: C:\Windows
2010/12/03 21:37:42.0979 System windows directory: C:\Windows
2010/12/03 21:37:42.0979 Processor architecture: Intel x86
2010/12/03 21:37:42.0979 Number of processors: 2
2010/12/03 21:37:42.0979 Page size: 0x1000
2010/12/03 21:37:42.0979 Boot type: Normal boot
2010/12/03 21:37:42.0979 ================================================================================
2010/12/03 21:37:46.0597 Initialize success
2010/12/03 21:37:47.0143 ================================================================================
2010/12/03 21:37:47.0143 Scan started
2010/12/03 21:37:47.0143 Mode: Manual;
2010/12/03 21:37:47.0143 ================================================================================
2010/12/03 21:37:48.0110 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/03 21:37:48.0173 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/03 21:37:48.0235 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/03 21:37:48.0282 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/03 21:37:48.0344 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/03 21:37:48.0422 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2010/12/03 21:37:48.0516 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/03 21:37:48.0563 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/03 21:37:48.0656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/03 21:37:48.0703 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/03 21:37:48.0781 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/03 21:37:48.0843 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/03 21:37:48.0890 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/03 21:37:48.0984 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/03 21:37:49.0218 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/03 21:37:49.0358 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/03 21:37:49.0467 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/03 21:37:49.0530 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/03 21:37:49.0592 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/03 21:37:49.0655 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/03 21:37:49.0717 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/03 21:37:49.0811 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/03 21:37:50.0029 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2010/12/03 21:37:50.0138 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/03 21:37:50.0201 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/03 21:37:50.0247 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/03 21:37:50.0294 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/03 21:37:50.0419 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/03 21:37:50.0466 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/03 21:37:50.0497 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/03 21:37:50.0544 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/03 21:37:50.0591 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/03 21:37:50.0700 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
2010/12/03 21:37:50.0778 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/03 21:37:50.0825 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
2010/12/03 21:37:50.0887 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/03 21:37:50.0949 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/03 21:37:50.0996 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/03 21:37:51.0059 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/03 21:37:51.0090 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/12/03 21:37:51.0121 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/03 21:37:51.0152 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/03 21:37:51.0230 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/03 21:37:51.0355 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/03 21:37:51.0402 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2010/12/03 21:37:51.0495 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/03 21:37:51.0573 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/03 21:37:51.0651 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/03 21:37:51.0729 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/03 21:37:51.0807 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/03 21:37:51.0885 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/03 21:37:51.0995 ElbyCDIO (3a85ddb9da1b86624887e3acef10a944) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/03 21:37:52.0026 Scan interrupted by user!
2010/12/03 21:37:52.0026 Scan interrupted by user!
2010/12/03 21:37:52.0026 ================================================================================
2010/12/03 21:37:52.0026 Scan finished
2010/12/03 21:37:52.0026 ================================================================================
2010/12/03 21:37:59.0545 ================================================================================
2010/12/03 21:37:59.0545 Scan started
2010/12/03 21:37:59.0545 Mode: Manual;
2010/12/03 21:37:59.0545 ================================================================================
2010/12/03 21:37:59.0846 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/03 21:37:59.0884 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/03 21:37:59.0932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/03 21:37:59.0967 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/03 21:38:00.0003 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/03 21:38:00.0056 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2010/12/03 21:38:00.0096 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/03 21:38:00.0136 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/03 21:38:00.0167 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/03 21:38:00.0207 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/03 21:38:00.0239 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/03 21:38:00.0272 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/03 21:38:00.0294 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/03 21:38:00.0345 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/03 21:38:00.0529 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/03 21:38:00.0624 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/03 21:38:00.0689 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/03 21:38:00.0716 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/03 21:38:00.0787 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/03 21:38:00.0850 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/03 21:38:00.0881 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/03 21:38:00.0975 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/03 21:38:01.0146 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2010/12/03 21:38:01.0271 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/03 21:38:01.0287 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/03 21:38:01.0302 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/03 21:38:01.0318 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/03 21:38:01.0349 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/03 21:38:01.0380 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/03 21:38:01.0411 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/03 21:38:01.0427 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/03 21:38:01.0458 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/03 21:38:01.0521 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
2010/12/03 21:38:01.0583 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/03 21:38:01.0630 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
2010/12/03 21:38:01.0677 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/03 21:38:01.0723 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/03 21:38:01.0770 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/03 21:38:01.0801 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/03 21:38:01.0817 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/12/03 21:38:01.0848 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/03 21:38:01.0895 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/03 21:38:01.0957 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/03 21:38:02.0004 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/03 21:38:02.0035 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2010/12/03 21:38:02.0082 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/03 21:38:02.0145 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/03 21:38:02.0176 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/03 21:38:02.0207 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/03 21:38:02.0269 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/03 21:38:02.0347 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/03 21:38:02.0425 ElbyCDIO (3a85ddb9da1b86624887e3acef10a944) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/03 21:38:02.0472 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
2010/12/03 21:38:02.0519 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/03 21:38:02.0644 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/03 21:38:02.0722 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/03 21:38:02.0815 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/03 21:38:02.0893 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/03 21:38:02.0956 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/03 21:38:03.0003 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/03 21:38:03.0034 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/03 21:38:03.0081 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/03 21:38:03.0143 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/03 21:38:03.0237 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/03 21:38:03.0283 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/03 21:38:03.0361 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/03 21:38:03.0424 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/12/03 21:38:03.0517 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/03 21:38:03.0564 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/03 21:38:03.0595 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/03 21:38:03.0658 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/03 21:38:03.0720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/03 21:38:03.0814 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/03 21:38:03.0861 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/03 21:38:03.0923 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/03 21:38:03.0970 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/03 21:38:04.0173 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys
2010/12/03 21:38:04.0266 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/03 21:38:04.0375 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/03 21:38:04.0407 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/03 21:38:04.0485 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/03 21:38:04.0594 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/03 21:38:04.0656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/03 21:38:04.0703 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/03 21:38:04.0765 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/03 21:38:04.0797 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/03 21:38:04.0859 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/03 21:38:04.0906 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/03 21:38:04.0953 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/03 21:38:05.0031 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/03 21:38:05.0109 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/03 21:38:05.0187 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/03 21:38:05.0249 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/03 21:38:05.0296 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/03 21:38:05.0374 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/03 21:38:05.0405 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/03 21:38:05.0467 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/03 21:38:05.0530 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/03 21:38:05.0592 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/03 21:38:05.0655 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/03 21:38:05.0701 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/03 21:38:05.0764 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/03 21:38:05.0795 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/03 21:38:05.0811 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/03 21:38:05.0889 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/03 21:38:05.0904 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/03 21:38:05.0998 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/03 21:38:06.0029 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/03 21:38:06.0076 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/03 21:38:06.0123 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/03 21:38:06.0169 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/12/03 21:38:06.0263 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/03 21:38:06.0357 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/03 21:38:06.0403 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
2010/12/03 21:38:06.0450 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/03 21:38:06.0497 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/03 21:38:06.0575 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/03 21:38:06.0606 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/03 21:38:06.0684 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/03 21:38:06.0715 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/03 21:38:06.0762 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/03 21:38:06.0809 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/03 21:38:06.0887 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/03 21:38:07.0074 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVENG.SYS
2010/12/03 21:38:07.0168 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVEX15.SYS
2010/12/03 21:38:07.0355 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/03 21:38:07.0402 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/03 21:38:07.0449 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/03 21:38:07.0527 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/03 21:38:07.0589 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/03 21:38:07.0636 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/03 21:38:07.0698 netbt (119b59d7f9706aa96f2327be2da7911c) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/03 21:38:07.0698 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 119b59d7f9706aa96f2327be2da7911c, Fake md5: 150e9961d5b47889d53ff9fd4f0320a3
2010/12/03 21:38:07.0698 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/03 21:38:07.0761 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/03 21:38:07.0823 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/03 21:38:07.0870 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/03 21:38:07.0963 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/03 21:38:08.0026 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/03 21:38:08.0073 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/03 21:38:08.0338 nvlddmkm (671c58cc8dadfe2903207f299ce7a0e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/03 21:38:08.0603 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/03 21:38:08.0681 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/03 21:38:08.0759 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/03 21:38:08.0806 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/03 21:38:08.0868 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/03 21:38:08.0899 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/12/03 21:38:08.0993 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/03 21:38:09.0040 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/03 21:38:09.0165 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/03 21:38:09.0243 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/03 21:38:09.0305 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/03 21:38:09.0383 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/03 21:38:09.0461 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/03 21:38:09.0664 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/03 21:38:09.0742 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/03 21:38:09.0835 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/03 21:38:09.0991 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/03 21:38:10.0038 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/03 21:38:10.0085 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/03 21:38:10.0179 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/03 21:38:10.0225 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/03 21:38:10.0303 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/03 21:38:10.0335 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/03 21:38:10.0381 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/03 21:38:10.0506 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/03 21:38:10.0537 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/03 21:38:10.0631 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/03 21:38:10.0709 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/03 21:38:10.0771 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/03 21:38:10.0803 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/03 21:38:10.0896 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/03 21:38:10.0943 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/03 21:38:10.0974 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/03 21:38:11.0037 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/03 21:38:11.0099 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/03 21:38:11.0146 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/03 21:38:11.0208 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/03 21:38:11.0271 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/03 21:38:11.0364 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/03 21:38:11.0427 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2010/12/03 21:38:11.0427 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2010/12/03 21:38:11.0427 sptd - detected Locked file (1)
2010/12/03 21:38:11.0505 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2010/12/03 21:38:11.0536 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
2010/12/03 21:38:11.0583 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/03 21:38:11.0614 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/03 21:38:11.0645 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/03 21:38:11.0739 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/03 21:38:11.0848 SWIPsec (ebd83e322b4eb50f6a1d8d7b42d3745e) C:\Windows\system32\Drivers\SWIPsec.sys
2010/12/03 21:38:11.0879 SWVNIC (962b13026b10b82d2874bfda4ecc048d) C:\Windows\system32\DRIVERS\swvnic.sys
2010/12/03 21:38:11.0941 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/03 21:38:12.0004 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
2010/12/03 21:38:12.0097 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
2010/12/03 21:38:12.0160 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/12/03 21:38:12.0253 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
2010/12/03 21:38:12.0285 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
2010/12/03 21:38:12.0347 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/03 21:38:12.0394 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/03 21:38:12.0534 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/03 21:38:12.0581 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/03 21:38:12.0628 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/03 21:38:12.0690 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/03 21:38:12.0768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/03 21:38:12.0846 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/03 21:38:12.0877 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/03 21:38:13.0018 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/03 21:38:13.0080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/03 21:38:13.0158 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/03 21:38:13.0221 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/03 21:38:13.0299 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/03 21:38:13.0392 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/03 21:38:13.0423 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/03 21:38:13.0470 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/03 21:38:13.0517 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/03 21:38:13.0548 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/03 21:38:13.0642 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/03 21:38:13.0720 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2010/12/03 21:38:13.0767 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/03 21:38:13.0845 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/03 21:38:13.0923 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2010/12/03 21:38:14.0047 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/03 21:38:14.0079 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/03 21:38:14.0157 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2010/12/03 21:38:14.0172 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/03 21:38:14.0203 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/03 21:38:14.0281 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/03 21:38:14.0344 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/03 21:38:14.0406 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/03 21:38:14.0453 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/03 21:38:14.0547 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/03 21:38:14.0593 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/03 21:38:14.0671 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/03 21:38:14.0765 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/03 21:38:14.0827 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/03 21:38:14.0905 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/03 21:38:14.0983 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/03 21:38:15.0015 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/03 21:38:15.0077 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/03 21:38:15.0186 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/03 21:38:15.0217 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/03 21:38:15.0249 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/03 21:38:15.0342 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/03 21:38:15.0389 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/03 21:38:15.0545 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/03 21:38:15.0670 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/03 21:38:15.0779 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/03 21:38:15.0857 ================================================================================
2010/12/03 21:38:15.0857 Scan finished
2010/12/03 21:38:15.0857 ================================================================================
2010/12/03 21:38:15.0857 Detected object count: 2
2010/12/03 21:38:31.0005 netbt (119b59d7f9706aa96f2327be2da7911c) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/03 21:38:31.0020 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 119b59d7f9706aa96f2327be2da7911c, Fake md5: 150e9961d5b47889d53ff9fd4f0320a3
2010/12/03 21:38:31.0395 Backup copy found, using it..
2010/12/03 21:38:31.0551 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2010/12/03 21:38:31.0551 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
2010/12/03 21:38:31.0551 Locked file(sptd) - User select action: Skip
2010/12/03 21:38:35.0841 Deinitialize success

 

[Broni]

Good job

How is redirection?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[nikkhasnsi]

Redirect seems to work properly now.....still did the following steps


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 200
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 161):
0x82245000 \SystemRoot\system32\ntkrnlpa.exe
0x82212000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\System32\Drivers\spsy.sys
0x8078E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80797000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8AC02000 \SystemRoot\system32\drivers\acpi.sys
0x8AC48000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AC50000 \SystemRoot\system32\drivers\pci.sys
0x8AC77000 \SystemRoot\System32\drivers\partmgr.sys
0x8AC86000 \SystemRoot\system32\drivers\volmgr.sys
0x8AC95000 \SystemRoot\System32\drivers\volmgrx.sys
0x8ACDF000 \SystemRoot\system32\drivers\pciide.sys
0x8ACE6000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8ACF4000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AD04000 \SystemRoot\system32\drivers\atapi.sys
0x8AD0C000 \SystemRoot\system32\drivers\ataport.SYS
0x8AD2A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AD5C000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
0x8ADB2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8ADC2000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
0x8AE0D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE7E000 \SystemRoot\system32\drivers\ndis.sys
0x8AF89000 \SystemRoot\system32\drivers\msrpc.sys
0x8AFB4000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B004000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B312000 \SystemRoot\system32\drivers\volsnap.sys
0x8B34B000 \SystemRoot\System32\Drivers\spldr.sys
0x8B353000 \SystemRoot\System32\Drivers\mup.sys
0x8B362000 \SystemRoot\System32\drivers\ecache.sys
0x8B389000 \SystemRoot\system32\drivers\disk.sys
0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B3BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B3EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B109000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B118000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9020D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x908A0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90941000 \SystemRoot\System32\drivers\watchdog.sys
0x9094D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B155000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x909DA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B18F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x909E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B1CD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B1DD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x909F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90200000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B3F8000 \SystemRoot\system32\drivers\Afc.sys
0x8B1EB000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x9020B000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x807BD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B1F4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8FC0E000 \SystemRoot\System32\Drivers\acsj7c5j.SYS
0x8FC73000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8FC92000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FCC1000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FD02000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FD0D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FD24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FD2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FD52000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FD61000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FD75000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FD8A000 \SystemRoot\System32\Drivers\pcouffin.sys
0x8FD96000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FDA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FDB1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FDBC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FDBE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FDE8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FDF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x807D5000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8FE05000 \SystemRoot\system32\drivers\portcls.sys
0x8FE32000 \SystemRoot\system32\drivers\drmk.sys
0x8FE57000 \SystemRoot\system32\drivers\HdAudio.sys
0x8FE96000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FE9F000 \SystemRoot\System32\Drivers\Null.SYS
0x8FEA6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FEB6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FEBD000 \SystemRoot\System32\drivers\vga.sys
0x8FEC9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FEEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FEF2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FEFA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FF05000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FF13000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FF1C000 \??\C:\Windows\system32\Drivers\SWIPsec.sys
0x8FF34000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FF4A000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
0x8FFA3000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8FFC8000 \SystemRoot\system32\DRIVERS\smb.sys
0x9120A000 \SystemRoot\system32\drivers\afd.sys
0x91252000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91284000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9129A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x912A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x912BB000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0x912DA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x912E3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x912F3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x912F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x912FD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91314000 \SystemRoot\System32\Drivers\nx6000.sys
0x9131E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9133F000 \SystemRoot\system32\drivers\usbaudio.sys
0x91351000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9135A000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0x91364000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x913A0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91E02000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys
0x91E5D000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x91E62000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x91EC0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x91EDD000 \SystemRoot\System32\Drivers\dfsc.sys
0x91EF4000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0x92402000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
0x924AE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x924BB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x924C6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9B450000 \SystemRoot\System32\win32k.sys
0x924CE000 \SystemRoot\System32\drivers\Dxapi.sys
0x924D8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B670000 \SystemRoot\System32\TSDDD.dll
0x9B690000 \SystemRoot\System32\cdd.dll
0x924E7000 \SystemRoot\system32\drivers\luafv.sys
0x92502000 \SystemRoot\system32\drivers\spsys.sys
0x925B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x925C2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91F73000 \SystemRoot\system32\drivers\HTTP.sys
0x925D5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x91FE0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x913AA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x913BF000 \SystemRoot\system32\drivers\mrxdav.sys
0x913E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81609000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81642000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8165A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81682000 \SystemRoot\System32\DRIVERS\srv.sys
0x816D0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x816F8000 \SystemRoot\system32\drivers\peauth.sys
0x817D6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x817E0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8400000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0xA8457000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVEX15.SYS
0xA85A5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101203.032\NAVENG.SYS
0xA85B9000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB0409000 \SystemRoot\system32\DRIVERS\udfs.sys
0x77980000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
556 csrss.exe
620 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\atiesrxx.exe
1100 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\SLsvc.exe
1356 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\atieclxx.exe
1592 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
2016 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
448 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
544 C:\Windows\System32\bgsvcgen.exe
680 C:\Program Files\Bonjour\mDNSResponder.exe
1012 C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
1608 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
1352 C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
1516 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2104 C:\Windows\System32\svchost.exe
2144 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2208 C:\Windows\System32\svchost.exe
2240 C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
2344 C:\Windows\System32\svchost.exe
2372 C:\Windows\System32\SearchIndexer.exe
2472 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2480 C:\Windows\System32\taskeng.exe
3128 C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
3156 C:\Windows\System32\dwm.exe
3204 C:\Windows\System32\taskeng.exe
3260 C:\Windows\explorer.exe
3688 C:\Windows\System32\taskeng.exe
4076 dllhost.exe
2952 C:\Program Files\Windows Defender\MSASCui.exe
2732 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
1328 C:\Program Files\iTunes\iTunesHelper.exe
1132 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2792 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
156 C:\Program Files\Windows Media Player\wmpnscfg.exe
3476 C:\Program Files\Windows Media Player\wmpnetwk.exe
3200 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1192 WmiPrvSE.exe
2540 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
1296 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
3176 C:\Program Files\iPod\bin\iPodService.exe
3372 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
2888 C:\Windows\System32\taskmgr.exe
4148 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
4184 C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
4312 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4664 C:\Program Files\Internet Explorer\iexplore.exe
4704 C:\Program Files\Internet Explorer\iexplore.exe
5016 C:\Windows\System32\SearchProtocolHost.exe
5028 C:\Windows\System32\SearchFilterHost.exe
5264 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
5296 C:\Windows\System32\SearchProtocolHost.exe
6036 C:\Users\admin\Desktop\MBRCheck.exe
6072 C:\Windows\System32\wbem\WMIADAP.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

 

[Broni]

I still need Combofix log.

 

[nikkhasnsi]

ComboFix 10-12-04.01 - admin 12/04/2010 22:07:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1833 [GMT -8:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\admin - Copy\AppData\Roaming\inst.exe
c:\users\admin\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 06:11 . 2010-12-05 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 06:17 . 2010-12-04 06:17 -------- d-----w- c:\windows\system32\xlive
2010-12-04 06:17 . 2010-12-04 06:17 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-04 06:17 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-04 06:17 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-04 06:17 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-04 06:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59ECADB4-AFD3-4021-9A9A-2A20AEFF2004}\mpengine.dll
2010-12-04 05:59 . 2010-12-04 05:59 -------- d-----w- c:\program files\Volition Inc
2010-12-03 23:51 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-12-03 20:04 . 2010-12-03 20:04 -------- d-----w- c:\programdata\TheFallTrilogy
2010-12-03 02:06 . 2010-12-03 02:09 -------- d-----w- c:\users\admin - Copy
2010-12-03 01:45 . 2010-12-03 01:46 -------- d-----w- c:\users\admin\AppData\Local\Google
2010-12-03 01:45 . 2010-12-03 01:45 -------- d-----w- c:\users\admin\AppData\Local\Deployment
2010-12-03 01:45 . 2010-12-03 01:45 -------- d-----w- c:\users\admin\AppData\Local\Apps
2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----w- c:\users\admin\AppData\Roaming\skypePM
2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----w- c:\program files\Common Files\Skype
2010-12-02 05:44 . 2010-12-02 05:44 -------- d-----r- c:\program files\Skype
2010-12-02 05:44 . 2010-12-02 06:24 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2010-12-02 05:43 . 2010-12-02 05:44 -------- d-----w- c:\programdata\Skype
2010-12-02 05:40 . 2010-12-02 05:40 -------- d-----w- c:\users\admin\AppData\Local\Yahoo
2010-12-02 05:38 . 2010-12-02 05:40 -------- d-----w- c:\users\admin\AppData\Roaming\Yahoo!
2010-12-02 05:38 . 2010-12-02 05:38 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-02 05:38 . 2010-12-02 05:38 -------- d-----w- c:\programdata\Yahoo!
2010-12-02 05:37 . 2010-12-02 05:38 -------- d-----w- c:\program files\Yahoo!
2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\users\admin\AppData\Roaming\ATI
2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\users\admin\AppData\Local\ATI
2010-12-02 03:04 . 2010-12-02 03:04 -------- d-----w- c:\programdata\ATI
2010-12-02 02:58 . 2010-12-02 02:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-02 02:58 . 2010-05-06 09:21 105488 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2010-12-02 02:58 . 2010-12-02 02:58 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-02 02:57 . 2006-11-02 12:21 319456 ----a-w- c:\windows\system32\Difxapi.dll
2010-12-02 02:57 . 2010-10-27 10:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-02 02:56 . 2010-12-02 02:59 -------- d-----w- c:\program files\ATI Technologies
2010-12-02 02:56 . 2010-12-02 02:56 -------- d-----w- c:\program files\ATI
2010-12-02 02:46 . 2007-09-17 16:07 753664 ----a-w- c:\windows\system32\nvcplui.exe
2010-12-02 02:46 . 2007-09-17 16:07 413696 ----a-w- c:\windows\system32\nvcpl.cpl
2010-12-02 02:46 . 2007-09-17 16:07 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2010-12-02 02:46 . 2007-09-17 16:07 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Roaming\kikin
2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\program files\kikin
2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Local\OpenCandy
2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\users\admin\AppData\Roaming\OpenCandy
2010-12-02 02:25 . 2010-12-02 02:25 -------- d-----w- c:\program files\Phyxion.net
2010-12-02 02:23 . 2010-12-02 02:23 -------- d-----w- c:\program files\oZone3D
2010-12-01 16:53 . 2010-12-01 16:53 -------- d-----w- c:\program files\MSXML 4.0
2010-12-01 16:31 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-01 03:22 . 2010-12-04 05:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-01 03:22 . 2010-12-01 03:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-01 03:21 . 2010-12-01 03:26 -------- d-----w- c:\programdata\Hitman Pro
2010-11-30 02:08 . 2010-12-04 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 02:40 . 2010-11-29 02:40 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2010-11-29 02:39 . 2010-11-29 02:39 -------- d-----w- c:\programdata\Malwarebytes
2010-11-27 21:20 . 2010-11-27 21:20 -------- d-----w- c:\program files\Intel
2010-11-27 21:20 . 2010-11-27 21:20 -------- d-----w- C:\Intel
2010-11-27 20:58 . 2007-09-17 08:07 521128 ----a-w- c:\windows\system32\dpinst.exe
2010-11-27 04:57 . 2010-11-29 02:13 -------- d-----w- c:\users\admin\AppData\Roaming\.ABC
2010-11-27 04:56 . 2010-11-27 04:56 -------- d-----w- c:\program files\ABC
2010-11-27 04:27 . 2010-11-27 04:27 -------- d-----w- c:\windows\The Fall Trilogy
2010-11-27 04:27 . 2010-11-27 04:27 -------- d-----w- c:\program files\The Fall Trilogy
2010-11-27 01:48 . 2010-11-27 01:48 -------- d-----w- c:\program files\Youdagames
2010-11-27 01:40 . 2010-11-27 01:41 -------- d-----w- c:\program files\Roads of Rome
2010-11-27 00:24 . 2010-11-27 00:26 -------- d-----w- c:\users\admin\AppData\Roaming\Realore_Whiterra Roads Of Rome
2010-11-27 00:24 . 2010-12-03 20:01 -------- d-----w- c:\programdata\Youdagames
2010-11-26 03:15 . 2010-11-26 03:15 -------- d-----w- c:\program files\Youda Marina
2010-11-26 03:15 . 2010-11-26 03:15 -------- d-----w- c:\windows\Youda Marina
2010-11-24 02:29 . 2010-11-24 02:29 -------- d-----w- c:\users\admin\AppData\Local\Mozilla
2010-11-24 02:07 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-24 02:07 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-24 02:07 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-24 02:07 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-24 02:07 . 2003-11-11 02:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-24 02:07 . 2010-11-24 02:07 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-24 02:07 . 2010-11-24 02:07 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-24 02:06 . 2010-11-24 02:06 45056 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-11-24 02:06 . 2010-11-24 02:06 -------- d-----w- c:\windows\system32\vmm32
2010-11-24 02:06 . 2010-11-24 02:06 -------- d-----w- c:\program files\Dell
2010-11-18 02:17 . 2010-11-18 02:17 -------- d-----w- c:\users\admin\AppData\Local\Ahead
2010-11-18 02:15 . 2010-11-18 02:15 -------- d-----w- c:\users\admin\AppData\Roaming\Nero
2010-11-18 02:13 . 2010-11-18 02:13 -------- d-----w- c:\programdata\Nero
2010-11-18 02:13 . 2010-11-18 02:13 -------- d-----w- c:\program files\Nero
2010-11-18 02:12 . 2010-11-18 02:14 -------- d-----w- c:\program files\Common Files\Nero
2010-11-15 04:24 . 2003-03-16 07:15 90112 ----a-w- c:\windows\unvise32.exe
2010-11-15 04:23 . 2010-11-15 04:24 -------- d-----w- c:\program files\DivX
2010-11-15 02:56 . 2010-09-08 23:36 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-11-15 02:56 . 2010-09-08 23:36 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-11-15 02:11 . 2010-11-15 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\Pavtube
2010-11-15 02:09 . 2010-11-15 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\GetRightToGo
2010-11-14 23:17 . 2010-11-15 03:01 -------- d-----w- c:\users\admin\AppData\Roaming\AVS4YOU
2010-11-14 23:17 . 2010-11-14 23:17 -------- d-----w- c:\programdata\AVS4YOU
2010-11-14 23:14 . 2010-11-15 02:57 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-11-14 23:14 . 2007-02-28 02:36 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-11-14 23:14 . 2007-02-28 02:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-11-14 23:14 . 2007-02-28 02:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-11-14 23:14 . 2010-11-30 04:14 -------- d-----w- c:\program files\AVS4YOU
2010-11-14 23:14 . 2007-02-28 02:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-11-14 23:14 . 2007-02-28 02:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-11-14 23:13 . 2010-11-14 23:13 -------- d-----w- c:\program files\AVS Video Converter
2010-11-14 22:49 . 2010-12-05 00:23 -------- d-----w- c:\users\admin\AppData\Local\CrashDumps
2010-11-14 21:41 . 2010-11-14 21:41 -------- d-----w- c:\programdata\ArcSoft
2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\users\admin\AppData\Roaming\Moyea
2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\users\admin\AppData\Roaming\leawo
2010-11-14 21:28 . 2010-11-14 21:28 -------- d-----w- c:\programdata\Leawo
2010-11-14 21:27 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-14 20:53 . 2010-11-14 20:53 -------- d-----w- c:\users\admin\AppData\Roaming\Panasonic
2010-11-14 20:53 . 2010-11-14 20:53 -------- d-----w- c:\users\admin\AppData\Local\ArcSoft
2010-11-14 20:51 . 2005-02-23 22:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-14 20:51 . 2010-11-14 20:52 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-11-14 20:51 . 2010-11-14 20:51 -------- d-----w- c:\windows\system32\MediaImpression Slideshow
2010-11-14 20:50 . 2010-11-14 20:50 -------- d-----w- c:\program files\ArcSoft
2010-11-14 20:48 . 2006-02-21 03:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-11-14 20:48 . 2007-06-15 20:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-11-14 20:48 . 2007-06-15 20:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-11-14 20:47 . 2008-09-26 05:07 45056 ----a-w- c:\windows\system32\PhDi2.sys
2010-11-14 20:47 . 2010-11-14 20:47 -------- d-----w- c:\program files\Panasonic
2010-11-14 20:39 . 2010-11-14 20:39 -------- d-----w- c:\program files\BitPim
2010-11-14 00:18 . 2010-11-14 00:18 -------- d-----w- c:\programdata\Elaborate Bytes
2010-11-13 00:34 . 2010-11-13 00:44 -------- d-----w- c:\program files\CloneDVD2
2010-11-12 23:16 . 2010-11-12 23:17 -------- d-----w- c:\users\admin\AppData\Roaming\Vso
2010-11-12 23:16 . 2010-11-12 23:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-11-12 23:16 . 2010-11-12 23:16 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys
2010-11-12 23:16 . 2010-11-12 23:30 -------- d-----w- c:\program files\DVDFab 8
2010-11-12 22:52 . 2010-11-14 00:17 -------- d-----w- c:\program files\SlySoft
2010-11-12 22:39 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-11-12 22:35 . 2010-11-12 22:35 -------- d-----w- c:\program files\Alcohol Soft
2010-11-11 16:04 . 2010-11-11 16:04 716272 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 23:54 . 2010-02-10 17:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-04 05:39 . 2010-10-30 02:40 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-11-02 06:02 . 2010-10-30 20:21 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-30 22:18 . 2010-10-30 22:18 73728 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2010-10-27 11:59 . 2010-10-27 11:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 11:08 . 2010-10-27 11:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 10:55 . 2010-10-27 10:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 10:55 . 2010-10-27 10:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 10:52 . 2010-10-27 10:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 10:51 . 2010-10-27 10:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 10:51 . 2010-10-27 10:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 10:50 . 2010-10-27 10:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 10:50 . 2010-10-27 10:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 10:49 . 2010-10-27 10:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 10:49 . 2010-10-27 10:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 10:49 . 2010-10-27 10:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 10:46 . 2010-10-27 10:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 10:35 . 2010-10-27 10:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 10:35 . 2010-10-27 10:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 10:33 . 2010-10-27 10:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 10:28 . 2010-10-27 10:28 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 10:14 . 2010-10-27 10:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 10:14 . 2010-10-27 10:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 10:14 . 2010-10-27 10:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 10:14 . 2010-10-27 10:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 10:13 . 2010-10-27 10:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 10:13 . 2010-10-27 10:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 10:13 . 2010-10-27 10:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-27 10:12 . 2010-10-27 10:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 09:50 . 2010-10-27 09:50 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 09:37 . 2010-10-27 09:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 09:37 . 2010-10-27 09:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-19 18:41 . 2010-10-30 00:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 21:47 . 2010-09-30 00:21 129024 ----a-w- c:\program files\Common Files\Uninstall.exe
2010-09-16 12:09 . 2010-09-16 12:09 27432 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-15 21:19 . 2010-09-15 21:19 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2010-09-13 13:56 . 2010-10-29 23:10 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-29 23:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-29 23:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-29 23:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-29 23:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-29 23:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-29 23:37 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-29 23:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-29 23:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-30 01:03 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-30 01:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-30 01:03 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-30 01:03 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-30 01:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-12 16:51 917744 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-11-12 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 21016]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-11 716272]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys [2010-10-19 353840]
S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 87064]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 227352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-02 102448]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 01:45]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\users\admin\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 22:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-04 22:14:35
ComboFix-quarantined-files.txt 2010-12-05 06:14

Pre-Run: 170,058,649,600 bytes free
Post-Run: 170,096,394,240 bytes free

- - End Of File - - 0A60143F6710B9AA0210210EBC6E36E7

 

[Broni]

Combofix log looks fine.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[nikkhasnsi]

OTL.txt

OTL logfile created on: 12/5/2010 9:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 145.85 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.76 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
Drive G: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2010/11/30 15:02:35 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 22:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/10 19:51:56 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/08/23 14:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2005/10/02 18:56:04 | 000,038,400 | ---- | M] () -- C:\Program Files\ABC\abc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2010/11/29 18:00:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/11/29 18:00:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/09/20 11:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/05 22:57:56 | 000,227,352 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/23 14:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/22 18:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/11 08:04:43 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/01 22:04:34 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/01 22:04:34 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101204.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/01 22:04:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/01 22:04:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/01 22:02:25 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/10/19 12:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/09/16 04:09:44 | 000,027,432 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/06 01:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/05 20:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 17:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/04/10 20:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/05 22:58:12 | 000,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009/03/04 17:03:32 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 08:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/15 16:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/11/04 08:42:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/11/01 22:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/23 18:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 18:29:41 | 000,000,000 | ---D | M]

[2010/11/23 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/12/01 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions
[2010/11/26 16:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 21:38:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/01 18:25:47 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdi9ug62.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010/12/01 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/01 21:44:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/12/04 22:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/21 05:52:11 | 000,000,027 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 09:43:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/12/04 23:49:46 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010/12/04 22:22:59 | 000,000,000 | ---D | C] -- C:\Movies
[2010/12/04 22:14:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/04 22:06:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/04 22:06:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/04 22:06:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/04 22:05:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/04 22:05:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/04 22:05:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/04 22:05:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/04 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\My Games
[2010/12/04 12:08:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/03 22:17:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/12/03 22:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/12/03 21:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Volition Inc
[2010/12/03 17:05:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/12/03 12:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TheFallTrilogy
[2010/12/02 17:45:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Google
[2010/12/02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Deployment
[2010/12/02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apps
[2010/12/01 21:44:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\skypePM
[2010/12/01 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/01 21:44:01 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/01 21:44:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Skype
[2010/12/01 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/12/01 21:40:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Yahoo
[2010/12/01 21:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/12/01 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Yahoo!
[2010/12/01 21:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/12/01 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ATI
[2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ATI
[2010/12/01 19:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/01 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/12/01 18:57:33 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2010/12/01 18:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/12/01 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/12/01 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\kikin
[2010/12/01 18:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
[2010/12/01 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\OpenCandy
[2010/12/01 18:25:34 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenCandy
[2010/12/01 18:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/12/01 18:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\oZone3D
[2010/12/01 08:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/11/30 19:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/30 19:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/29 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/29 18:07:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
[2010/11/29 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/28 18:40:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2010/11/28 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/27 13:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/11/27 13:20:40 | 000,000,000 | ---D | C] -- C:\Intel
[2010/11/26 20:57:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.ABC
[2010/11/26 20:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\ABC
[2010/11/26 20:27:59 | 000,000,000 | ---D | C] -- C:\Windows\The Fall Trilogy
[2010/11/26 20:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\The Fall Trilogy
[2010/11/26 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2010/11/26 17:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Roads of Rome
[2010/11/26 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Realore_Whiterra Roads Of Rome
[2010/11/26 16:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
[2010/11/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Windows\Youda Marina
[2010/11/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Marina
[2010/11/23 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Mozilla
[2010/11/23 18:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/23 18:06:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2010/11/23 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/11/17 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Ahead
[2010/11/17 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Nero
[2010/11/17 18:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/11/17 18:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/11/17 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/11/14 20:24:00 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/11/14 20:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/11/14 19:03:32 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\AVS4YOU
[2010/11/14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Pavtube
[2010/11/14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Pavtube
[2010/11/14 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2010/11/14 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Emicsoft Studio
[2010/11/14 15:17:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\AVS4YOU
[2010/11/14 15:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/11/14 15:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/11/14 15:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/11/14 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS Video Converter
[2010/11/14 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\CrashDumps
[2010/11/14 13:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/11/14 13:28:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Moyea
[2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Leawo
[2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\leawo
[2010/11/14 13:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2010/11/14 13:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/14 13:02:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/11/14 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Panasonic
[2010/11/14 12:53:35 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ArcSoft
[2010/11/14 12:51:42 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2010/11/14 12:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/11/14 12:51:31 | 000,126,976 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MediaImpression Slideshow.scr
[2010/11/14 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\MediaImpression Slideshow
[2010/11/14 12:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/11/14 12:48:05 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
[2010/11/14 12:48:04 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2010/11/14 12:48:04 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2010/11/14 12:47:22 | 000,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\PhDi2.sys
[2010/11/14 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2010/11/14 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\bitpim
[2010/11/14 12:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2010/11/13 16:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2010/11/12 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\CloneDVD2
[2010/11/12 15:28:38 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\DVDFab
[2010/11/12 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\admin\AppData\Roaming\pcouffin.sys
[2010/11/12 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Vso
[2010/11/12 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\PcSetup
[2010/11/12 15:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/11/12 14:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/11/12 14:39:07 | 000,334,792 | ---- | C] (Alcohol Soft Development Team) -- C:\Windows\System32\_AxShlEx.dll
[2010/11/12 14:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/11/11 08:01:05 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\AnyDVDHD
[2010/11/11 07:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/11/11 07:40:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Adobe
[2010/11/11 07:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/11 07:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 07:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/10 17:43:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/11/07 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2010/11/06 10:11:19 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple Computer
[2010/11/06 10:11:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2010/11/06 10:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/06 10:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/06 10:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/06 09:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/06 09:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/06 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple
[2010/11/06 09:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/06 09:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/06 09:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/06 09:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/05 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
[2010/11/05 10:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2010/11/05 10:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2010/11/05 10:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/11/05 10:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/11/05 10:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/09/29 16:21:30 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe

 

[nikkhasnsi]

OTl.txt (cont)

========== Files - Modified Within 30 Days ==========

[2010/12/05 09:46:15 | 001,827,150 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/12/05 09:43:31 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/12/05 09:43:23 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/05 09:43:23 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/05 09:37:08 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 09:37:07 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 09:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 09:37:01 | 3485,667,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 00:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
[2010/12/04 23:36:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/12/04 23:36:42 | 000,040,448 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 22:12:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/04 21:56:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
[2010/12/04 15:54:07 | 000,013,415 | ---- | M] () -- C:\Users\admin\Desktop\x3daudio1_7.zip
[2010/12/04 13:38:21 | 000,017,963 | ---- | M] () -- C:\Users\admin\Desktop\5570.gif
[2010/12/03 18:07:18 | 000,000,993 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Alcohol 120%.lnk
[2010/12/02 18:00:11 | 371,780,828 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/02 17:46:33 | 000,002,006 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/02 17:41:12 | 053,123,856 | ---- | M] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
[2010/12/01 21:44:58 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/12/01 21:44:02 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:38:04 | 000,000,968 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/01 18:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/12/01 18:57:53 | 000,001,356 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/12/01 18:14:08 | 000,000,280 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/11/27 13:00:13 | 016,776,864 | ---- | M] () -- C:\Users\admin\Desktop\R167384.EXE
[2010/11/27 12:59:39 | 003,892,272 | ---- | M] () -- C:\Users\admin\Desktop\CW1337A0.exe
[2010/11/27 12:59:28 | 002,192,630 | ---- | M] () -- C:\Users\admin\Desktop\R154069.exe
[2010/11/26 20:26:35 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/11/26 16:24:19 | 000,000,552 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d8caps.dat
[2010/11/23 18:29:44 | 000,001,750 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/23 18:29:44 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/17 18:16:59 | 000,002,536 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/11/17 18:16:59 | 000,002,438 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2010/11/17 18:15:19 | 000,001,024 | ---- | M] () -- C:\Users\admin\.rnd
[2010/11/15 17:51:47 | 000,232,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/14 13:41:53 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2010/11/14 13:09:12 | 000,000,940 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/12 15:16:44 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\admin\AppData\Roaming\pcouffin.sys
[2010/11/12 15:16:44 | 000,007,887 | ---- | M] () -- C:\Users\admin\AppData\Roaming\pcouffin.cat
[2010/11/12 15:16:44 | 000,001,144 | ---- | M] () -- C:\Users\admin\AppData\Roaming\pcouffin.inf
[2010/11/12 15:16:42 | 000,000,766 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/11 08:04:43 | 000,716,272 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/11 07:39:25 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/05 10:10:42 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/11/05 09:49:23 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

========== Files Created - No Company Name ==========

[2010/12/04 22:34:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/12/04 22:06:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/04 22:06:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/04 22:06:11 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/04 22:06:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/04 22:06:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/04 15:54:13 | 000,013,415 | ---- | C] () -- C:\Users\admin\Desktop\x3daudio1_7.zip
[2010/12/04 13:38:21 | 000,017,963 | ---- | C] () -- C:\Users\admin\Desktop\5570.gif
[2010/12/03 18:07:18 | 000,000,993 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Alcohol 120%.lnk
[2010/12/02 17:46:32 | 000,002,006 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/02 17:45:43 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000UA.job
[2010/12/02 17:45:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359485384-3737201983-1324802995-1000Core.job
[2010/12/02 17:41:10 | 053,123,856 | ---- | C] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
[2010/12/01 21:44:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/01 21:44:02 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:38:03 | 000,000,968 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/01 19:01:18 | 3485,667,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/01 18:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/01 18:14:08 | 000,000,280 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/11/30 19:22:31 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/27 13:00:13 | 016,776,864 | ---- | C] () -- C:\Users\admin\Desktop\R167384.EXE
[2010/11/27 12:59:34 | 003,892,272 | ---- | C] () -- C:\Users\admin\Desktop\CW1337A0.exe
[2010/11/27 12:59:22 | 002,192,630 | ---- | C] () -- C:\Users\admin\Desktop\R154069.exe
[2010/11/26 16:24:19 | 000,000,552 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d8caps.dat
[2010/11/23 18:37:05 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/11/23 18:29:44 | 000,001,750 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/23 18:29:43 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/23 18:17:33 | 371,780,828 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/20 19:06:43 | 000,001,356 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/11/17 18:16:59 | 000,002,536 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/11/17 18:16:59 | 000,002,438 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2010/11/17 18:15:17 | 000,001,024 | ---- | C] () -- C:\Users\admin\.rnd
[2010/11/14 13:41:53 | 000,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2010/11/14 13:27:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/14 13:09:12 | 000,000,940 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/14 12:49:50 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010/11/14 12:49:50 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010/11/14 12:49:50 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010/11/14 12:49:50 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010/11/14 12:49:50 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010/11/14 12:49:50 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010/11/14 12:49:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010/11/14 12:49:50 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/11/14 12:49:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/11/14 12:49:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/11/12 15:17:18 | 000,000,034 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.log
[2010/11/12 15:16:44 | 000,007,887 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.cat
[2010/11/12 15:16:44 | 000,001,144 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.inf
[2010/11/12 15:16:42 | 000,000,766 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/12 15:00:12 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/11/11 08:04:43 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/11 07:39:24 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/11/10 17:41:32 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/11/10 17:41:32 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/11/10 17:41:32 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/11/05 10:11:20 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/11/05 10:11:20 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/11/05 10:11:20 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/11/05 10:11:20 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/11/05 10:11:20 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/11/05 10:11:20 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/11/05 10:11:20 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/11/05 10:11:20 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/11/05 10:11:20 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/11/05 10:11:20 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/11/05 10:11:20 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/11/05 10:11:20 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/11/05 10:11:20 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/11/05 10:11:20 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/11/05 10:11:20 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/11/05 10:11:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/11/05 10:11:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/11/05 10:11:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/11/05 10:11:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/11/05 10:11:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/11/05 10:11:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/11/05 10:11:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/11/05 10:10:42 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/10/29 18:40:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/10/29 15:50:56 | 000,040,448 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/11/28 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.ABC
[2010/11/05 13:25:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
[2010/11/14 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2010/12/01 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\kikin
[2010/11/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\leawo
[2010/11/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Moyea
[2010/12/01 18:25:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenCandy
[2010/11/14 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Panasonic
[2010/11/14 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Pavtube
[2010/11/12 15:17:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vso
[2010/12/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YoudaGames
[2010/12/05 01:07:46 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/29 13:44:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/04 22:14:36 | 000,024,287 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/12 00:28:03 | 000,004,795 | RH-- | M] () -- C:\dell.sdr
[2010/12/05 09:37:01 | 3485,667,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 14:00:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/06 14:00:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/05 09:37:00 | 3801,366,528 | -HS- | M] () -- C:\pagefile.sys
[2010/11/14 13:41:53 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/10/29 18:53:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/14 13:41:27 | 000,000,928 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/02 17:41:12 | 053,123,856 | ---- | M] () -- C:\Users\admin\Desktop\avira_antivir_personal_en.exe
[2010/11/27 12:59:39 | 003,892,272 | ---- | M] () -- C:\Users\admin\Desktop\CW1337A0.exe
[2010/12/05 09:43:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/11/27 12:59:28 | 002,192,630 | ---- | M] () -- C:\Users\admin\Desktop\R154069.exe
[2010/11/27 13:00:13 | 016,776,864 | ---- | M] () -- C:\Users\admin\Desktop\R167384.EXE

< %PROGRAMFILES%\Common Files\*.* >
[2010/10/05 13:47:54 | 000,129,024 | ---- | M] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/11/23 18:39:53 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/11/23 18:39:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/11/23 18:39:23 | 001,056,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/14 13:41:30 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/26 20:26:35 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9FFN4TK1RVLNGCMLLJG7JYKLPYUKVM9VMVFVVR4TP
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2V6GFMVF9KFNYTKBRVLNGCMPVJDKJ9F11HELPS9UTTAWNNJ2VL1J55TYFXM4CFLLP5T68H06VCEVXGVMVK5VRJKT
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFE0B1EF

< End of report >

 

[nikkhasnsi]

Extra.txt

OTL Extras logfile created on: 12/5/2010 9:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 145.85 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.76 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
Drive G: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03531DFA-6ADC-44BC-93A9-18B41DBA2DF7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{08C5657B-A983-4FCD-85EC-1443A8122E63}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{176A7037-0511-44D9-8D7E-42C8A4AD1437}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{1AA8469B-B1EA-47EF-8BB9-E67D0B090F1B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{271634F4-3370-46A0-9874-5E6B283B0EAF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{36BBC98F-F398-4E0F-809D-616C8B89BF8C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3B7CC63C-19FF-4DEC-B8DF-A20807F40CA5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{404A8008-686D-4EE3-BFC2-514B56032B9D}" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
"{477B6B93-7D06-4690-B0FA-194F5CA7E3C1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{539E7823-D429-402C-B6D5-A764A2897ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{66BDB4C5-DB58-46E7-94F7-F8A6F3CF9746}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{684D6D40-8A4B-403A-8B8C-B9A6758F885E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{839F989F-85CC-4A3B-9218-0295C58A08A4}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{9368A231-41A8-4D68-9012-D1EA6C535446}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{A1FA78F7-8139-46A0-853A-5832DB53995A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{ACCAFAEB-0229-4AEE-9FC5-842308F9DA1F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{CA24283A-639B-46D3-A083-03036086F17A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE2BAE7F-8FE8-45EE-A157-929D416E0B75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8F68515-6F41-4E7D-B180-33784A8A58FD}" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
"{D9B63DF6-D05E-4B1A-AD11-6DA3194E7171}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{E99D8923-EF00-46EF-9FF0-37DC89198A88}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{F0009A31-34D5-4237-9BB5-B3EE46B9828A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch
"{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian
"{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.5.0
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard
"{7042FC7D-ED2E-4C93-B3AA-63D117D31033}" = Nero 8
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DCB635C-D999-9496-A6D1-AAABD23A04FD}" = ATI AVIVO Codecs
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.8
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F768C380-A17C-B2DE-77CC-AB35434BE818}" = ccc-utility
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FBD77AF9-B6DA-7383-14D8-FDC7CEBD2ADC}" = ATI Catalyst Install Manager
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Screen Capture_is1" = AVS Screen Capture version 1.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CloneDVD2" = CloneDVD2
"DivX Codec" = DivX Codec
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"HitmanPro35" = Hitman Pro 3.5
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"The Fall Trilogy1.0" = The Fall Trilogy
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youda Marina1.01" = Youda Marina
"Youda Survivor 1.00" = Youda Survivor 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2010 2:17:20 AM | Computer Name = HOME | Source = System Restore | ID = 8193
Description =

Error - 12/4/2010 2:17:51 AM | Computer Name = HOME | Source = System Restore | ID = 8193
Description =

Error - 12/4/2010 1:53:19 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
Description =

Error - 12/4/2010 4:05:03 PM | Computer Name = HOME | Source = System Restore | ID = 8193
Description =

Error - 12/4/2010 4:14:38 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
Description =

Error - 12/4/2010 7:54:33 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
faulting module X3DAudio1_7.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000135, fault offset 0x00009eed, process id 0x16f4, application
start time 0x01cb940e4e448e80.

Error - 12/4/2010 7:54:45 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
faulting module metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f, exception
code 0xc0000005, fault offset 0x004b164f, process id 0x1364, application start time
0x01cb940e9d88daa0.

Error - 12/4/2010 8:22:48 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f,
faulting module metro2033.exe, version 1.0.0.1, time stamp 0x4b912b1f, exception
code 0xc0000005, fault offset 0x003e4f0f, process id 0x176c, application start time
0x01cb9412884cb590.

Error - 12/5/2010 3:05:46 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application abc.exe, version 0.0.0.0, time stamp 0x431f03f4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x5be9d84d, process id 0x1024, application start time 0x01cb944a8e9fbfe0.

Error - 12/5/2010 1:38:43 PM | Computer Name = HOME | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/6/2010 2:06:32 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description =

Error - 11/6/2010 2:08:40 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description =

Error - 11/7/2010 1:25:36 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description =

Error - 11/11/2010 11:37:33 AM | Computer Name = HOME | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Alureon.V&threatid=152591

Scan
ID: {69AE1CF8-F88B-4487-9AF4-1D5FC3623094} User: HOME\admin Name: TrojanDropper:Win32/Alureon.V

ID:
152591 Severity ID: 5 Category ID: 37 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508025 Error description: To see how to finish removing spyware and other potentially
unwanted software, see this support article on the Microsoft Security website.

Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description =

Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7009
Description =

Error - 11/11/2010 11:40:12 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2010 12:02:49 PM | Computer Name = HOME | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Alureon.V&threatid=152591

Scan
ID: {753E4E4C-2747-4B13-9037-77696AAF97FA} User: HOME\admin Name: TrojanDropper:Win32/Alureon.V

ID:
152591 Severity ID: 5 Category ID: 37 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508025 Error description: To see how to finish removing spyware and other potentially
unwanted software, see this support article on the Microsoft Security website.

Error - 11/12/2010 6:59:52 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description =

Error - 11/12/2010 7:13:09 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description =


< End of report >

 

[nikkhasnsi]

Combofix log looks fine.

How is computer doing?[/list]

Hitman Pro no longer gives the message and displays that no malware was found.

 

[Broni]

Good

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9FFN4TK1RVLNGCMLLJG7JYKLPYUKVM9VMV FVVR4TP
  @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2V6GFMVF9KFNYTKBRVLNGCMPVJDKJ9F11HELPS9UTT AWNNJ2VL1J55TYFXM4CFLLP5T68H06VCEVXGVMVK5VRJKT
  @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
  @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFE0B1EF
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[nikkhasnsi]

JavaRa log

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 05 16:27:59 2010

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.