Solved Have the redirect malware, cannot find it with scans/removers

V

VarusTech

Posts: 22   +0
Hello,

I have unfortunately gotten the redirect malware on my computer. The first symptoms began showing yesterday. Since then, I've taken several (and clumsy) approaches to removing it. I have Norton 360 and it informed me yesterday that a restart was needed to finish removing a security threat.

Since the restart I cannot open it, not even with task manager's "New Task" option. I downloaded Malwarebyte's Anti-malware and scanned my computer, but no dice. I also ran TDSSkiller.exe three times with no prevail. I tried scans with Spywaredoctor and Superantispyware but only removed a hundred or so tracking cookies.

These are the only steps I have taken to remedy the problem thus far besides leaving a few details at the "dedicated 2 viruses" website and posting here. I am thankful for any advice or details to help solve this issue.
 
MBAM and GMER logs

Here are the Malwarebytes and GMER logs. I was not able to download the DDS program from the link provided in the 5-step thread, all I get is a page with the address "about:blank" and nothing happens. Anyway, here are the other two logs:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/12/2011 11:11:39 PM
mbam-log-2011-11-12 (23-11-39).txt

Scan type: Quick scan
Objects scanned: 202809
Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-13 08:48:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120814A rev.3.AAJ
Running: 8zhc3pzz.exe; Driver: C:\DOCUME~1\Daniel\LOCALS~1\Temp\uwroykow.sys


---- System - GMER 1.0.15 ----

SSDT 89941EF8 ZwAlertResumeThread
SSDT 8993A7E8 ZwAlertThread
SSDT 898D30F0 ZwAllocateVirtualMemory
SSDT 898F1038 ZwAssignProcessToJobObject
SSDT 898DAAA8 ZwConnectPort
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0x8A319D3E]
SSDT 89791F38 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A2E8C0C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A2E8ED4]
SSDT 891402A8 ZwCreateSymbolicLinkObject
SSDT 89829ED8 ZwCreateThread
SSDT 8991B618 ZwDebugActiveProcess
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0x8A31A638]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0x8A31A950]
SSDT 89902B90 ZwDuplicateObject
SSDT 8986B718 ZwFreeVirtualMemory
SSDT 89916888 ZwImpersonateAnonymousToken
SSDT 89BC4008 ZwImpersonateThread
SSDT 89940E50 ZwLoadDriver
SSDT 8984BEE0 ZwMapViewOfSection
SSDT 89918418 ZwOpenEvent
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0x8A318EC2]
SSDT 89BE3008 ZwOpenProcess
SSDT 897B6F30 ZwOpenProcessToken
SSDT 8991A9A8 ZwOpenSection
SSDT 89919060 ZwOpenThread
SSDT 8931A468 ZwProtectVirtualMemory
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0x8A31AE1A]
SSDT 89966978 ZwResumeThread
SSDT 897B4FD0 ZwSetContextThread
SSDT 897E2EB8 ZwSetInformationProcess
SSDT 8991AFD0 ZwSetSystemInformation
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0x8A31A09E]
SSDT 89919738 ZwSuspendProcess
SSDT 8993E370 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x8B47D640]
SSDT 897B34B8 ZwTerminateThread
SSDT 897B6CF0 ZwUnmapViewOfSection
SSDT 89886A38 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BEE380, 0x8D6CD5, 0xE8000020]
.PAGE1 C:\WINDOWS\System32\DRIVERS\redbook.sys unknown last section [0xB78C2A00, 0x100, 0xC0000040]
? C:\WINDOWS\System32\DRIVERS\redbook.sys suspicious PE modification
? C:\DOCUME~1\Daniel\LOCALS~1\Temp\pcttProtect32.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[384] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 049500B3
.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 04950502
.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 049502E0
.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0495044C
.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 049505B8
.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 04950396
.text C:\Program Files\Internet Explorer\iexplore.exe[384] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 0495072C
.text C:\Program Files\Internet Explorer\iexplore.exe[384] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 04950672
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 062C00B3
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 062C0502
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 062C02E0
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 062C044C
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 062C05B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 062C0396
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 062C072C
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 062C0672
.text C:\Program Files\Axantum\AxCrypt\AxCrypt.exe[2732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
.text C:\WINDOWS\system32\igfxsrvc.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01210001
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AC0001
.text C:\WINDOWS\system32\RunDLL32.exe[3352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015C0001
.text C:\WINDOWS\Explorer.EXE[3444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09750001
.text ...
.text C:\WINDOWS\system32\svchost.exe[5492] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCToolsProtectInjDrv \Device\PCToolsProtectInjDrv pcttProtect32.sys

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B8555000-B855E000 (36864 bytes)
Module (noname) (*** hidden *** ) F7657000-F7665000 (57344 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] B85593E0
Thread System [4:132] B85593E0
Thread System [4:136] 8980C330
Thread System [4:140] 8980C330

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\CAGPQ76D.txt 2411 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAIV6FS9.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAOXNPKR.txt 5647 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAS6OCJU.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAYRGARD.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAYZST2B.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAZ1MUQ7.txt 2909 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAZIB9AD.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAL4WQJR.txt 423 bytes
File C:\Documents and Settings\NetworkService\Cookies\CAEFCHM7.txt 126 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\47c5424c-0c01-43f8-a898-8917f4f17ee8[1].htm 761 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\btr[1].css 49143 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\shares[1].json 105 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\iframe[1].htm 469 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\CAKZWRYJ.php 2510 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\glamadapt_jsrv[1].act 2784 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-arrow[2].png 155 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-email[1].png 1589 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\ico-twitter[1].png 1649 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\sprite1[1].png 117393 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\CACJL3F5.gif 35 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\09ER4TAV\decide[1].php 46 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222 0 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\L 0 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\L\akygdmgo 57600 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U 0 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000c0 3072 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@80000000 23040 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000c0 35840 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000cb 23040 bytes
File C:\WINDOWS\$NtUninstallKB63947$\3717389222\U\@800000cf 29184 bytes
File C:\WINDOWS\$NtUninstallKB63947$\949474658 0 bytes

---- EOF - GMER 1.0.15 ----
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Are you able to run DDS?
 
Hello,

I cannot download DDS from the link provided in the "5-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread. When I click on the link, I get a new window named "Untitled" and with the address "about:blank". Is there another link that I can get it from?
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here is the report:

09:33:23.0234 5460 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
09:33:23.0343 5460 ============================================================
09:33:23.0343 5460 Current date / time: 2011/11/13 09:33:23.0343
09:33:23.0343 5460 SystemInfo:
09:33:23.0343 5460
09:33:23.0343 5460 OS Version: 5.1.2600 ServicePack: 3.0
09:33:23.0343 5460 Product type: Workstation
09:33:23.0343 5460 ComputerName: DANIEL-Q09D8YI1
09:33:23.0343 5460 UserName: Daniel
09:33:23.0343 5460 Windows directory: C:\WINDOWS
09:33:23.0343 5460 System windows directory: C:\WINDOWS
09:33:23.0343 5460 Processor architecture: Intel x86
09:33:23.0343 5460 Number of processors: 2
09:33:23.0343 5460 Page size: 0x1000
09:33:23.0343 5460 Boot type: Normal boot
09:33:23.0343 5460 ============================================================
09:33:24.0109 5460 Initialize success
09:33:29.0234 5012 ============================================================
09:33:29.0234 5012 Scan started
09:33:29.0234 5012 Mode: Manual;
09:33:29.0234 5012 ============================================================
09:33:30.0046 5012 Abiosdsk - ok
09:33:30.0062 5012 abp480n5 - ok
09:33:30.0125 5012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:33:30.0140 5012 ACPI - ok
09:33:30.0171 5012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:33:30.0187 5012 ACPIEC - ok
09:33:30.0203 5012 adpu160m - ok
09:33:30.0281 5012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:33:30.0281 5012 aec - ok
09:33:30.0328 5012 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:33:30.0328 5012 AegisP - ok
09:33:30.0406 5012 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:33:30.0406 5012 AFD - ok
09:33:30.0468 5012 Aha154x - ok
09:33:30.0484 5012 aic78u2 - ok
09:33:30.0500 5012 aic78xx - ok
09:33:30.0546 5012 AliIde - ok
09:33:30.0578 5012 amsint - ok
09:33:30.0609 5012 asc - ok
09:33:30.0671 5012 asc3350p - ok
09:33:30.0703 5012 asc3550 - ok
09:33:30.0796 5012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:33:30.0796 5012 AsyncMac - ok
09:33:30.0828 5012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:33:30.0828 5012 atapi - ok
09:33:30.0843 5012 Atdisk - ok
09:33:31.0000 5012 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:33:31.0125 5012 ati2mtag - ok
09:33:31.0218 5012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:33:31.0218 5012 Atmarpc - ok
09:33:31.0312 5012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:33:31.0312 5012 audstub - ok
09:33:31.0359 5012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:33:31.0359 5012 Beep - ok
09:33:31.0718 5012 BHDrvx86 (fe57ab6683f48264d1cd36f5d5ee95a8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys
09:33:31.0750 5012 BHDrvx86 - ok
09:33:31.0875 5012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:33:31.0890 5012 cbidf2k - ok
09:33:31.0906 5012 cd20xrnt - ok
09:33:32.0000 5012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:33:32.0000 5012 Cdaudio - ok
09:33:32.0062 5012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:33:32.0062 5012 Cdfs - ok
09:33:32.0093 5012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:33:32.0093 5012 Cdrom - ok
09:33:32.0109 5012 Changer - ok
09:33:32.0140 5012 CmdIde - ok
09:33:32.0218 5012 Cpqarray - ok
09:33:32.0296 5012 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
09:33:32.0296 5012 ctsfm2k - ok
09:33:32.0312 5012 dac2w2k - ok
09:33:32.0328 5012 dac960nt - ok
09:33:32.0437 5012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:33:32.0437 5012 Disk - ok
09:33:32.0515 5012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:33:32.0546 5012 dmboot - ok
09:33:32.0562 5012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:33:32.0578 5012 dmio - ok
09:33:32.0593 5012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:33:32.0593 5012 dmload - ok
09:33:32.0687 5012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:33:32.0687 5012 DMusic - ok
09:33:32.0718 5012 dpti2o - ok
09:33:32.0812 5012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:33:32.0828 5012 drmkaud - ok
09:33:33.0000 5012 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:33:33.0015 5012 eeCtrl - ok
09:33:33.0062 5012 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:33:33.0062 5012 EraserUtilRebootDrv - ok
09:33:33.0359 5012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:33:33.0437 5012 Fastfat - ok
09:33:33.0484 5012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:33:33.0484 5012 Fdc - ok
09:33:33.0500 5012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:33:33.0781 5012 Fips - ok
09:33:33.0812 5012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:33:33.0812 5012 Flpydisk - ok
09:33:33.0875 5012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:33:33.0890 5012 FltMgr - ok
09:33:33.0953 5012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:33:33.0953 5012 Fs_Rec - ok
09:33:33.0968 5012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:33:33.0968 5012 Ftdisk - ok
09:33:34.0062 5012 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:33:34.0062 5012 GEARAspiWDM - ok
09:33:34.0187 5012 gkmixern - ok
09:33:34.0265 5012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:33:34.0265 5012 Gpc - ok
09:33:34.0343 5012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:33:34.0343 5012 HidUsb - ok
09:33:34.0375 5012 hpn - ok
09:33:34.0406 5012 hpt3xx - ok
09:33:34.0468 5012 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
09:33:34.0484 5012 HTTP - ok
09:33:34.0500 5012 i2omgmt - ok
09:33:34.0531 5012 i2omp - ok
09:33:34.0609 5012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:33:34.0609 5012 i8042prt - ok
09:33:34.0703 5012 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:33:34.0750 5012 ialm - ok
09:33:35.0015 5012 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSxpx86.sys
09:33:35.0031 5012 IDSxpx86 - ok
09:33:35.0171 5012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
09:33:35.0187 5012 Imapi - ok
09:33:35.0203 5012 ini910u - ok
09:33:35.0218 5012 IntelIde - ok
09:33:35.0265 5012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:33:35.0265 5012 intelppm - ok
09:33:35.0312 5012 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:33:35.0312 5012 ip6fw - ok
09:33:35.0390 5012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:33:35.0390 5012 IpFilterDriver - ok
09:33:35.0468 5012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:33:35.0468 5012 IpInIp - ok
09:33:35.0515 5012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:33:35.0515 5012 IpNat - ok
09:33:35.0546 5012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:33:35.0546 5012 IPSec - ok
09:33:35.0609 5012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:33:35.0609 5012 IRENUM - ok
09:33:35.0656 5012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:33:35.0656 5012 isapnp - ok
09:33:35.0687 5012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:33:35.0703 5012 Kbdclass - ok
09:33:35.0765 5012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:33:35.0781 5012 kmixer - ok
09:33:35.0796 5012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:33:35.0812 5012 KSecDD - ok
09:33:35.0828 5012 lbrtfdc - ok
09:33:36.0000 5012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:33:36.0000 5012 mnmdd - ok
09:33:36.0078 5012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:33:36.0078 5012 Modem - ok
09:33:36.0093 5012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:33:36.0093 5012 Mouclass - ok
09:33:36.0187 5012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:33:36.0187 5012 mouhid - ok
09:33:36.0218 5012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:33:36.0218 5012 MountMgr - ok
09:33:36.0218 5012 mraid35x - ok
09:33:36.0250 5012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:33:36.0265 5012 MRxDAV - ok
09:33:36.0343 5012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:33:36.0343 5012 MRxSmb - ok
09:33:36.0421 5012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:33:36.0421 5012 Msfs - ok
09:33:36.0500 5012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:33:36.0515 5012 MSKSSRV - ok
09:33:36.0562 5012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:33:36.0562 5012 MSPCLOCK - ok
09:33:36.0593 5012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:33:36.0593 5012 MSPQM - ok
09:33:36.0640 5012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:33:36.0640 5012 mssmbios - ok
09:33:36.0718 5012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:33:36.0718 5012 Mup - ok
09:33:37.0031 5012 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVENG.SYS
09:33:37.0031 5012 NAVENG - ok
09:33:37.0109 5012 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVEX15.SYS
09:33:37.0156 5012 NAVEX15 - ok
09:33:37.0296 5012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:33:37.0296 5012 NDIS - ok
09:33:37.0359 5012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:33:37.0359 5012 NdisTapi - ok
09:33:37.0359 5012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:33:37.0375 5012 Ndisuio - ok
09:33:37.0390 5012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:33:37.0406 5012 NdisWan - ok
09:33:37.0500 5012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:33:37.0500 5012 NDProxy - ok
09:33:37.0531 5012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:33:37.0531 5012 NetBIOS - ok
09:33:37.0562 5012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:33:37.0562 5012 NetBT - ok
09:33:37.0656 5012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:33:37.0656 5012 Npfs - ok
09:33:37.0718 5012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:33:37.0734 5012 Ntfs - ok
09:33:37.0796 5012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:33:37.0796 5012 Null - ok
09:33:37.0921 5012 nv (e9c44fa6803832b80fe18f7bcdd18318) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:33:38.0390 5012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: e9c44fa6803832b80fe18f7bcdd18318, Fake md5: 4b54dcd6adee535df80f07c59ddd8f14
09:33:38.0453 5012 nv ( ForgedFile.Multi.Generic ) - warning
09:33:38.0453 5012 nv - detected ForgedFile.Multi.Generic (1)
09:33:38.0546 5012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:33:38.0546 5012 NwlnkFlt - ok
09:33:38.0578 5012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:33:38.0578 5012 NwlnkFwd - ok
09:33:38.0671 5012 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
09:33:38.0671 5012 NwlnkIpx - ok
09:33:38.0703 5012 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
09:33:38.0703 5012 NwlnkNb - ok
09:33:38.0734 5012 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
09:33:38.0734 5012 NwlnkSpx - ok
09:33:38.0812 5012 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
09:33:38.0812 5012 NWRDR - ok
09:33:38.0890 5012 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
09:33:38.0890 5012 ossrv - ok
09:33:39.0000 5012 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
09:33:39.0093 5012 P17 - ok
09:33:39.0156 5012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:33:39.0171 5012 Parport - ok
09:33:39.0187 5012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:33:39.0187 5012 PartMgr - ok
09:33:39.0250 5012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:33:39.0265 5012 ParVdm - ok
09:33:39.0281 5012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:33:39.0281 5012 PCI - ok
09:33:39.0296 5012 PCIDump - ok
09:33:39.0343 5012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:33:39.0343 5012 PCIIde - ok
09:33:39.0421 5012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:33:39.0421 5012 Pcmcia - ok
09:33:39.0500 5012 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
09:33:39.0500 5012 PCTBD - ok
09:33:39.0578 5012 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\WINDOWS\system32\drivers\PCTCore.sys
09:33:39.0593 5012 PCTCore - ok
09:33:39.0609 5012 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
09:33:39.0625 5012 pctDS - ok
09:33:39.0671 5012 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
09:33:39.0734 5012 pctEFA - ok
09:33:39.0781 5012 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\WINDOWS\system32\Drivers\PCTSD.sys
09:33:39.0796 5012 PCTSD - ok
09:33:39.0812 5012 PDCOMP - ok
09:33:39.0828 5012 PDFRAME - ok
09:33:39.0890 5012 PDRELI - ok
09:33:39.0906 5012 PDRFRAME - ok
09:33:39.0921 5012 perc2 - ok
09:33:39.0953 5012 perc2hib - ok
09:33:40.0093 5012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:33:40.0093 5012 PptpMiniport - ok
09:33:40.0109 5012 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:33:40.0125 5012 Processor - ok
09:33:40.0171 5012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:33:40.0171 5012 PSched - ok
09:33:40.0187 5012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:33:40.0187 5012 Ptilink - ok
09:33:40.0203 5012 ql1080 - ok
09:33:40.0218 5012 Ql10wnt - ok
09:33:40.0234 5012 ql12160 - ok
09:33:40.0250 5012 ql1240 - ok
09:33:40.0281 5012 ql1280 - ok
09:33:40.0312 5012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:33:40.0312 5012 RasAcd - ok
09:33:40.0406 5012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:33:40.0421 5012 Rasl2tp - ok
09:33:40.0484 5012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:33:40.0484 5012 RasPppoe - ok
09:33:40.0562 5012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:33:40.0562 5012 Raspti - ok
09:33:40.0593 5012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:33:40.0593 5012 Rdbss - ok
09:33:40.0625 5012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:33:40.0625 5012 RDPCDD - ok
09:33:40.0656 5012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:33:40.0656 5012 rdpdr - ok
09:33:40.0718 5012 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:33:40.0734 5012 RDPWD - ok
09:33:40.0796 5012 redbook (8f4164ffa6095629a3aef80e9f39f76f) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:33:40.0796 5012 redbook - ok
09:33:40.0875 5012 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:33:40.0875 5012 ROOTMODEM - ok
09:33:40.0968 5012 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
09:33:40.0984 5012 RT61 - ok
09:33:41.0046 5012 RT80x86 (671828423b5bf9db4fc20ae337f2f893) C:\WINDOWS\system32\DRIVERS\RT2860.sys
09:33:41.0062 5012 RT80x86 - ok
09:33:41.0171 5012 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:33:41.0187 5012 SASDIFSV - ok
09:33:41.0203 5012 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:33:41.0203 5012 SASKUTIL - ok
09:33:41.0328 5012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:33:41.0328 5012 Secdrv - ok
09:33:41.0359 5012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:33:41.0375 5012 serenum - ok
09:33:41.0390 5012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:33:41.0390 5012 Serial - ok
09:33:41.0437 5012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:33:41.0437 5012 Sfloppy - ok
09:33:41.0468 5012 Simbad - ok
09:33:41.0484 5012 Sparrow - ok
09:33:41.0562 5012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:33:41.0562 5012 splitter - ok
09:33:41.0593 5012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:33:41.0593 5012 sr - ok
09:33:41.0750 5012 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
09:33:41.0765 5012 SRTSP - ok
09:33:41.0781 5012 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
09:33:41.0781 5012 SRTSPX - ok
09:33:41.0875 5012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:33:41.0890 5012 Srv - ok
09:33:41.0953 5012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:33:41.0953 5012 swenum - ok
09:33:42.0000 5012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:33:42.0000 5012 swmidi - ok
09:33:42.0031 5012 symc810 - ok
09:33:42.0093 5012 symc8xx - ok
09:33:42.0218 5012 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
09:33:42.0234 5012 SymDS - ok
09:33:42.0281 5012 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
09:33:42.0312 5012 SymEFA - ok
09:33:42.0375 5012 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:33:42.0375 5012 SymEvent - ok
09:33:42.0390 5012 SYMFW - ok
09:33:42.0406 5012 SYMIDS - ok
09:33:42.0437 5012 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
09:33:42.0453 5012 SymIRON - ok
09:33:42.0468 5012 SYMNDIS - ok
09:33:42.0500 5012 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
09:33:42.0515 5012 SYMTDI - ok
09:33:42.0531 5012 sym_hi - ok
09:33:42.0546 5012 sym_u3 - ok
09:33:42.0609 5012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:33:42.0625 5012 sysaudio - ok
09:33:42.0734 5012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:33:42.0734 5012 Tcpip - ok
09:33:42.0781 5012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:33:42.0781 5012 TDPIPE - ok
09:33:42.0859 5012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:33:42.0875 5012 TDTCP - ok
09:33:42.0937 5012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:33:42.0937 5012 TermDD - ok
09:33:42.0968 5012 TosIde - ok
09:33:43.0031 5012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:33:43.0046 5012 Udfs - ok
09:33:43.0093 5012 ultra - ok
09:33:43.0171 5012 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files\Unlocker\UnlockerDriver5.sys
09:33:43.0187 5012 UnlockerDriver5 - ok
09:33:43.0250 5012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:33:43.0250 5012 Update - ok
09:33:43.0281 5012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:33:43.0281 5012 usbehci - ok
09:33:43.0390 5012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:33:43.0406 5012 usbhub - ok
09:33:43.0453 5012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:33:43.0468 5012 usbprint - ok
09:33:43.0531 5012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:33:43.0531 5012 usbscan - ok
09:33:43.0562 5012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:33:43.0562 5012 USBSTOR - ok
09:33:43.0609 5012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:33:43.0609 5012 usbuhci - ok
09:33:43.0640 5012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:33:43.0640 5012 VgaSave - ok
09:33:43.0656 5012 ViaIde - ok
09:33:43.0687 5012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:33:43.0687 5012 VolSnap - ok
09:33:43.0750 5012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:33:43.0750 5012 Wanarp - ok
09:33:43.0765 5012 WDICA - ok
09:33:43.0828 5012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:33:43.0828 5012 wdmaud - ok
09:33:44.0000 5012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:33:44.0000 5012 WudfPf - ok
09:33:44.0031 5012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:33:44.0031 5012 WudfRd - ok
09:33:44.0062 5012 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
09:33:44.0078 5012 xbreader - ok
09:33:44.0109 5012 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
09:33:44.0250 5012 \Device\Harddisk0\DR0 - ok
09:33:44.0250 5012 Boot (0x1200) (ad2a59801fac5161e67b6a11d3319abe) \Device\Harddisk0\DR0\Partition0
09:33:44.0250 5012 \Device\Harddisk0\DR0\Partition0 - ok
09:33:44.0250 5012 ============================================================
09:33:44.0250 5012 Scan finished
09:33:44.0250 5012 ============================================================
09:33:44.0281 5560 Detected object count: 1
09:33:44.0281 5560 Actual detected object count: 1
09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - skipped by user
09:33:56.0140 5560 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here are the logs from aswMBR and ComboFix:


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-13 09:38:29
-----------------------------
09:38:29.375 OS Version: Windows 5.1.2600 Service Pack 3
09:38:29.375 Number of processors: 2 586 0x401
09:38:29.375 ComputerName: DANIEL-Q09D8YI1 UserName: Daniel
09:38:31.640 Initialize success
09:38:39.765 AVAST engine download error: 0
09:38:46.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:38:46.343 Disk 0 Vendor: ST3120814A 3.AAJ Size: 114473MB BusType: 3
09:38:48.421 Disk 0 MBR read successfully
09:38:48.437 Disk 0 MBR scan
09:38:48.437 Disk 0 Windows XP default MBR code
09:38:48.484 Disk 0 scanning sectors +234420480
09:38:48.812 Disk 0 scanning C:\WINDOWS\system32\drivers
09:39:59.937 Service scanning
09:40:01.046 Modules scanning
09:40:34.234 Module: C:\WINDOWS\System32\DRIVERS\redbook.sys **SUSPICIOUS**
09:41:37.671 Disk 0 trace - called modules:
09:41:37.750 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8980b9b0]<<
09:41:37.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bacab8]
09:41:37.750 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8975fb90]
09:41:37.750 \Driver\00001612[0x898e64f8] -> IRP_MJ_CREATE -> 0x8980b9b0
09:41:37.750 Scan finished successfully
09:43:07.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\MBR.dat"
09:43:07.218 The log file has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\aswMBR.txt"




ComboFix 11-11-09.01 - Daniel 11/13/2011 10:06:51.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1751 [GMT -8:00]
Running from: c:\documents and settings\Daniel\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Daniel\My Documents\~WRL0001.tmp
c:\documents and settings\Daniel\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 18:39 . 2011-11-13 18:39 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-11-13 17:44 . 2011-11-13 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2011-11-12 22:53 . 2011-11-12 22:53 -------- dc----w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2011-11-12 22:52 . 2011-11-12 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-12 22:52 . 2011-11-12 22:52 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-12 22:21 . 2011-10-28 19:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-12 22:21 . 2011-11-12 22:25 -------- d-----w- c:\program files\PC Tools
2011-11-12 22:20 . 2011-11-12 22:26 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-12 22:20 . 2011-11-12 22:20 -------- dc----w- c:\documents and settings\Daniel\Application Data\TestApp
2011-11-12 21:52 . 2011-11-12 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-12 20:14 . 2011-11-12 20:14 709968 ----a-w- c:\windows\isRS-000.tmp
2011-11-11 22:25 . 2011-11-11 22:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-11 22:17 . 2011-11-11 22:17 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-11-11 22:12 . 2011-11-11 22:13 -------- dcsh--w- c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6
2011-11-07 01:05 . 2011-11-07 01:05 -------- d-----w- c:\program files\Common Files\Java
2011-11-06 22:48 . 2011-11-06 22:48 -------- d-----w- c:\program files\7-Zip
2011-11-06 05:15 . 2011-11-06 05:15 -------- d-----w- c:\program files\3DO
2011-11-04 03:48 . 2011-11-04 03:48 -------- d-----w- c:\program files\Electronic Arts
2011-10-29 16:34 . 2011-11-06 03:41 -------- d-----w- c:\program files\Kalypso
2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\UpdatusUser
2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-10-28 15:25 . 2011-10-08 04:50 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-28 15:25 . 2011-10-08 04:50 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-28 15:24 . 2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-28 15:24 . 2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-28 15:24 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-28 15:24 . 2011-10-08 04:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-28 15:23 . 2011-10-31 01:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-22 07:49 . 2011-10-22 07:53 -------- d-----w- c:\program files\Tropico
2011-10-22 06:21 . 2011-10-22 06:21 -------- dc----w- C:\Impressions Games
2011-10-22 03:23 . 2011-10-22 03:23 -------- d-----w- c:\program files\FireFly Studios
2011-10-22 01:41 . 1994-12-06 07:00 92208 ----a-r- c:\windows\system\WING.DLL
2011-10-22 01:41 . 1994-12-06 07:00 6736 ----a-r- c:\windows\system\WINGDIB.DRV
2011-10-22 01:41 . 1994-12-06 07:00 188960 ----a-r- c:\windows\system\WINGDE.DLL
2011-10-22 01:41 . 2011-10-22 01:41 -------- dc----w- C:\MMAPP
2011-10-22 01:40 . 2011-10-22 01:40 -------- dc----w- C:\~QTWTMP.TMP
2011-10-20 22:05 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-20 22:05 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-20 22:05 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-20 22:05 . 2011-10-08 04:50 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-20 22:05 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-20 22:05 . 2011-10-08 04:50 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-20 22:05 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-20 22:05 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-20 22:05 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 22:24 . 2008-09-14 20:30 537520 ----a-w- c:\windows\system32\lxdjcoms.exe
2011-10-10 14:22 . 2008-05-17 02:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-03 13:06 . 2011-06-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2009-11-17 05:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2001-08-23 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2009-07-09 00:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-04 05:59 369664 ----a-w- c:\windows\system32\html.iec
2011-09-01 01:00 . 2010-07-26 04:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2001-08-23 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\huthah\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\grand theft auto 2\\gta2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/12/2011 2:21 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/12/2011 2:21 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/12/2011 2:21 PM 660992]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/24/2011 8:54 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/24/2011 8:54 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [11/1/2011 11:37 AM 818808]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [11/12/2011 2:21 PM 185560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/24/2011 8:54 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [11/12/2011 2:27 PM 542672]
R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [9/14/2008 12:32 PM 99248]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/24/2011 8:54 PM 130008]
R2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [1/21/2009 5:58 PM 534528]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/28/2011 7:25 AM 2253120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 10:49 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys [11/10/2011 10:40 PM 356280]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [11/12/2011 2:27 PM 56840]
R3 RT80x86;TRENDnet Wireless N Network Adapter Service;c:\windows\system32\drivers\rt2860.sys [1/21/2009 5:58 PM 579456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
S3 gkmixern;gkmixern;\??\c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [11/12/2011 2:25 PM 402336]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:24]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
.
2011-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
- c:\program files\Norton 360\Engine\5.1.0.29\Navw32.exe [2011-05-25 00:28]
.
2011-11-13 c:\windows\Tasks\Norton Security Scan for Daniel.job
- c:\progra~1\NORTON~2\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-13 15:22]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Tracks Eraser Pro - c:\program files\Acesoft\Tracks Eraser Pro\te.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
HKLM-Run-lxdjamon - c:\program files\Lexmark 1400 Series\lxdjamon.exe
AddRemove-Afraid of Monsters: Director's Cut - c:\program files\steam\steamapps\huthah\half-life\AoMDC\uninstaomdc.exe
AddRemove-Army Men World War - c:\program files\3DO\Army Men World War\Uninst.isu
AddRemove-Azure Sheep - c:\program files\STEAM\STEAMAPPS\HUTHAH\HALF-LIFE\Uninstal.exe
AddRemove-BSPlayerf - c:\program files\Webteh\BSplayer\uninstall.exe
AddRemove-CEP - Colour Enable Packages_is1 - c:\progra~1\EAGAME~1\THESIM~1\zCEP_Uninstaller\unins000.exe
AddRemove-comtypes-py2.6 - c:\python26\Removecomtypes.exe
AddRemove-DDS Converter 2.1 - c:\program files\DDS Converter 2\Uninstal.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-GIANTS Ultimate esm file by Puma Man - c:\program files\Bethesda Softworks\Morrowind\Data Files\GIANTS Ultimate ESM Uninstal.exe
AddRemove-Half-Life Visitors - c:\windows\uninstall\Half-Life Visitors\setup.exe
AddRemove-HMS Defiance - c:\program files\Steam\SteamApps\SourceMods\Uninstal.exe
AddRemove-Lexmark 1400 Series - c:\program files\Lexmark 1400 Series\Install\x86\Uninst.exe
AddRemove-Morrowind Graphics Extender_is1 - c:\program files\Bethesda Softworks\Morrowind\mge3\uninstall\unins000.exe
AddRemove-Nuclear Winter for Half-Life Opposing Force - c:\program files\Steam\SteamApps\huthah\opposing force\gearbox\Half-Life\UNINSTAL.EXE
AddRemove-Poke646 1.0 - c:\program files\Steam\SteamApps\huthah\half-life\SXUNINST.EXE
AddRemove-psyco-py2.6 - c:\python26\Removepsyco.exe
AddRemove-pywin32-py2.6 - c:\python26\Removepywin32.exe
AddRemove-Sims2Pack Clean Installer - c:\program files\Sims2Pack Clean Installer\uninstall.exe
AddRemove-Simtowerv1.0 - c:\maxis\Simtower\DeIsL1.isu
AddRemove-The Murderer - c:\program files\The Murderer\uninst32.exe
AddRemove-The Trenches - c:\program files\steam\steamapps\huthah\half-life\uninstall.exe
AddRemove-WindowsFrotz - c:\program files\Windows Frotz\uninstall.exe
AddRemove-Wrye Bash - c:\program files\Bethesda Softworks\Oblivion\Uninstal.exe
AddRemove-WWI Source - c:\program files\steam\SteamApps\Sourcemods\WWI_Source\uninst.exe
AddRemove-WWI Source Beta 1.12 Patch - c:\program files\steam\SteamApps\Sourcemods\WWI_Source\uninst.exe
AddRemove-wxPython2.8-ansi-py26_is1 - c:\python26\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
AddRemove-{20FC1593-0BA0-4334-8786-E634FC011B69}_is1 - c:\program files\Steam\steamapps\SourceMods\Underhell\unins000.exe
AddRemove-{4817189D-1785-4627-A33C-39FD90919300} - c:\program files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
AddRemove-{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} - c:\program files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - c:\program files\EA GAMES\The Sims 2 University\EAUninstall.exe
AddRemove-{9C244239-ED8E-40f1-937F-51C706CD2160} - c:\program files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
AddRemove-{B1899CD8-9584-4DC5-00AE-48F47CF81183} - c:\program files\EA GAMES\The Sims 2 HomeCrafter Plus\EAUninstall.exe
AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - c:\stranded ii\unins000.exe
AddRemove-Land of Legends - Heroes of Loria - c:\program files\Steam\SteamApps\huthah\half-life\Uninstal.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,0a,c8,32,ab,28,3b,57,32,44,76,18,a5,4f,1a,71,75,f6,7d,11,5e,b1,17,
0c,8c,bf,1a,ca,94,ee,5a,be,e2,62,b5,de,a6,5f,73,29,7a,31,41,5f,68,bc,43,b0,\
"??"=hex:c0,6b,55,c4,1d,94,5e,65,4c,0d,18,03,54,98,d4,f9
.
[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0d,04,e9,c7,f9,26,b8,54,51,0e,39,a6,1c,52,10,ba,10,50,57,bf,d6,
a3,ef,5d,c6,31,b9,b6,6b,48,b2,88,d8,9c,7f,d6,8f,18,58,9c,ca,ce,46,93,f0,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdjcoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\RunDLL32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-11-13 10:58:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 18:58
.
Pre-Run: 37,606,952,960 bytes free
Post-Run: 38,224,842,752 bytes free
.
- - End Of File - - C41AB75187AA11865CD48F5B446F6AC1
 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\System32\DRIVERS\redbook.sys
- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
This is the result of the nv4_mini.sys file:

AhnLab-V3 2011.11.13.00 2011.11.13 -
AntiVir 7.11.17.146 2011.11.13 -
Antiy-AVL 2.0.3.7 2011.11.13 -
Avast 6.0.1289.0 2011.11.13 -
AVG 10.0.0.1190 2011.11.13 -
BitDefender 7.2 2011.11.13 -
ByteHero 1.0.0.1 2011.11.04 -
ClamAV 0.97.3.0 2011.11.13 -
Commtouch 5.3.2.6 2011.11.12 -
Comodo 10773 2011.11.13 -
DrWeb 5.0.2.03300 2011.11.13 -
Emsisoft 5.1.0.11 2011.11.13 -
eSafe 7.0.17.0 2011.11.13 -
eTrust-Vet 37.0.9564 2011.11.11 -
F-Prot 4.6.5.141 2011.11.12 -
F-Secure 9.0.16440.0 2011.11.13 -
Fortinet 4.3.370.0 2011.11.13 -
GData 22 2011.11.13 -
Ikarus T3.1.1.109.0 2011.11.13 -
Jiangmin 13.0.900 2011.11.13 -
K7AntiVirus 9.119.5447 2011.11.12 -
Kaspersky 9.0.0.837 2011.11.13 -
McAfee 5.400.0.1158 2011.11.13 -
McAfee-GW-Edition 2010.1D 2011.11.13 -
Microsoft 1.7801 2011.11.13 -
NOD32 6626 2011.11.13 -
Norman 6.07.13 2011.11.13 -
nProtect 2011-11-13.01 2011.11.13 -
Panda 10.0.3.5 2011.11.13 -
PCTools 8.0.0.5 2011.11.13 -
Prevx 3.0 2011.11.13 -
Rising 23.83.04.03 2011.11.11 -
Sophos 4.71.0 2011.11.13 -
SUPERAntiSpyware 4.40.0.1006 2011.11.12 -
Symantec 20111.2.0.82 2011.11.13 -
TheHacker 6.7.0.1.342 2011.11.13 -
TrendMicro 9.500.0.1008 2011.11.13 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.13 -
VBA32 3.12.16.4 2011.11.11 -
VIPRE 11037 2011.11.13 -
ViRobot 2011.11.11.4770 2011.11.13 -
VirusBuster 14.1.61.0 2011.11.13 -
MD5: 4b54dcd6adee535df80f07c59ddd8f14
SHA1: 29f47cd26080a388316adb654388969639eff08e
SHA256: 6e425f8881547a4c96b36b4d99ffd7ee9330f1c1ad34276f039218a4c2613521
File size: 12791488 bytes
Scan date: 2011-11-13 19:52:19 (UTC)
 
Here is the scan of redbook.sys:

AhnLab-V3 2011.11.13.00 2011.11.13 Backdoor/Win32.ZAccess
AntiVir 7.11.17.146 2011.11.13 -
Antiy-AVL 2.0.3.7 2011.11.13 -
Avast 6.0.1289.0 2011.11.13 Win32:ZAccess-BF [Rtk]
AVG 10.0.0.1190 2011.11.13 -
BitDefender 7.2 2011.11.13 Gen:Variant.TDss.76
ByteHero 1.0.0.1 2011.11.04 -
ClamAV 0.97.3.0 2011.11.13 -
Commtouch 5.3.2.6 2011.11.12 -
Comodo 10773 2011.11.13 TrojWare.Win32.Rootkit.ZAccess.KG
DrWeb 5.0.2.03300 2011.11.13 -
Emsisoft 5.1.0.11 2011.11.13 Rootkit.Win32.ZAccess!IK
eSafe 7.0.17.0 2011.11.13 -
eTrust-Vet 37.0.9564 2011.11.11 -
F-Prot 4.6.5.141 2011.11.12 -
F-Secure 9.0.16440.0 2011.11.13 Gen:Variant.TDss.76
Fortinet 4.3.370.0 2011.11.13 -
GData 22 2011.11.13 Gen:Variant.TDss.76
Ikarus T3.1.1.109.0 2011.11.13 Rootkit.Win32.ZAccess
Jiangmin 13.0.900 2011.11.13 -
K7AntiVirus 9.119.5447 2011.11.12 -
Kaspersky 9.0.0.837 2011.11.13 -
McAfee 5.400.0.1158 2011.11.13 -
McAfee-GW-Edition 2010.1D 2011.11.13 -
Microsoft 1.7801 2011.11.13 -
NOD32 6626 2011.11.13 -
Norman 6.07.13 2011.11.13 -
nProtect 2011-11-13.01 2011.11.13 -
Panda 10.0.3.5 2011.11.13 -
PCTools 8.0.0.5 2011.11.13 -
Prevx 3.0 2011.11.13 -
Rising 23.83.04.03 2011.11.11 -
Sophos 4.71.0 2011.11.13 -
SUPERAntiSpyware 4.40.0.1006 2011.11.12 -
Symantec 20111.2.0.82 2011.11.13 -
TheHacker 6.7.0.1.342 2011.11.13 -
TrendMicro 9.500.0.1008 2011.11.13 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.13 -
VBA32 3.12.16.4 2011.11.11 -
VIPRE 11037 2011.11.13 -
ViRobot 2011.11.11.4770 2011.11.13 -
VirusBuster 14.1.61.0 2011.11.13 -
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :filefind
redbook.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
The results:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:35 on 13/11/2011 by Daniel
Administrator - Elevation successful

========== filefind ==========

Searching for "redbook.sys"
C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [16:07 18/05/2008] [05:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B
C:\WINDOWS\ServicePackFiles\i386\redbook.sys -----c- 57600 bytes [05:59 04/08/2004] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [19:18 16/05/2008] [18:40 13/04/2008] 8F4164FFA6095629A3AEF80E9F39F76F

-= EOF =-
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys

File::
c:\windows\isRS-000.tmp


Folder::
c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here are the results:


ComboFix 11-11-09.01 - Daniel 11/13/2011 12:54:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1421 [GMT -8:00]
Running from: c:\documents and settings\Daniel\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\isRS-000.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6
c:\documents and settings\Daniel\Local Settings\Application Data\dd92dba6\@
c:\windows\system32\
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\redbook.sys --> c:\windows\system32\drivers\redbook.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 17:44 . 2011-11-13 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2011-11-12 22:53 . 2011-11-12 22:53 -------- dc----w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2011-11-12 22:52 . 2011-11-12 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-12 22:52 . 2011-11-12 22:52 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-12 22:21 . 2011-10-28 19:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-12 22:21 . 2011-11-12 22:25 -------- d-----w- c:\program files\PC Tools
2011-11-12 22:20 . 2011-11-12 22:26 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-12 22:20 . 2011-11-12 22:20 -------- dc----w- c:\documents and settings\Daniel\Application Data\TestApp
2011-11-12 21:52 . 2011-11-12 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-12 20:14 . 2011-11-12 20:14 709968 ----a-w- c:\windows\isRS-000.tmp
2011-11-11 22:25 . 2011-11-11 22:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-11 22:17 . 2011-11-11 22:17 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-11-07 01:05 . 2011-11-07 01:05 -------- d-----w- c:\program files\Common Files\Java
2011-11-06 22:48 . 2011-11-06 22:48 -------- d-----w- c:\program files\7-Zip
2011-11-06 05:15 . 2011-11-06 05:15 -------- d-----w- c:\program files\3DO
2011-11-04 03:48 . 2011-11-04 03:48 -------- d-----w- c:\program files\Electronic Arts
2011-10-29 16:34 . 2011-11-06 03:41 -------- d-----w- c:\program files\Kalypso
2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\UpdatusUser
2011-10-28 15:25 . 2011-10-28 15:25 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-10-28 15:25 . 2011-10-08 04:50 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-28 15:25 . 2011-10-08 04:50 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-28 15:24 . 2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-28 15:24 . 2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-28 15:24 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-28 15:24 . 2011-10-08 04:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-28 15:23 . 2011-10-31 01:24 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-28 15:23 . 2011-10-31 01:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-22 07:49 . 2011-10-22 07:53 -------- d-----w- c:\program files\Tropico
2011-10-22 06:21 . 2011-10-22 06:21 -------- dc----w- C:\Impressions Games
2011-10-22 03:23 . 2011-10-22 03:23 -------- d-----w- c:\program files\FireFly Studios
2011-10-22 01:41 . 1994-12-06 07:00 92208 ----a-r- c:\windows\system\WING.DLL
2011-10-22 01:41 . 1994-12-06 07:00 6736 ----a-r- c:\windows\system\WINGDIB.DRV
2011-10-22 01:41 . 1994-12-06 07:00 188960 ----a-r- c:\windows\system\WINGDE.DLL
2011-10-22 01:41 . 2011-10-22 01:41 -------- dc----w- C:\MMAPP
2011-10-22 01:40 . 2011-10-22 01:40 -------- dc----w- C:\~QTWTMP.TMP
2011-10-20 22:05 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-20 22:05 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-20 22:05 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-20 22:05 . 2011-10-08 04:50 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-20 22:05 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-20 22:05 . 2011-10-08 04:50 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-20 22:05 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-20 22:05 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-20 22:05 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 22:24 . 2008-09-14 20:30 537520 ----a-w- c:\windows\system32\lxdjcoms.exe
2011-10-10 14:22 . 2008-05-17 02:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-03 13:06 . 2011-06-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2009-11-17 05:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2001-08-23 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2009-07-09 00:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-04 05:59 369664 ----a-w- c:\windows\system32\html.iec
2011-09-01 01:00 . 2010-07-26 04:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2001-08-23 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_18.48.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-16 19:18 . 2004-08-04 05:59 57472 c:\windows\system32\dllcache\redbook.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TEW-623PI Wireless Client Utility.lnk - c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\huthah\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\grand theft auto 2\\gta2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/12/2011 2:21 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/12/2011 2:21 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/12/2011 2:21 PM 660992]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/24/2011 8:54 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/24/2011 8:54 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [11/1/2011 11:37 AM 818808]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [11/12/2011 2:21 PM 185560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/24/2011 8:54 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [11/12/2011 2:27 PM 542672]
R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [9/14/2008 12:32 PM 99248]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/24/2011 8:54 PM 130008]
R2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe [1/21/2009 5:58 PM 534528]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/28/2011 7:25 AM 2253120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 10:49 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys [11/10/2011 10:40 PM 356280]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [11/12/2011 2:27 PM 56840]
R3 RT80x86;TRENDnet Wireless N Network Adapter Service;c:\windows\system32\drivers\rt2860.sys [1/21/2009 5:58 PM 579456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
S3 gkmixern;gkmixern;\??\c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Daniel\LOCALS~1\Temp\gkmixern.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 6:09 PM 135664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [11/12/2011 2:25 PM 402336]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:24]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:09]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 02:09]
.
2011-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
- c:\program files\Norton 360\Engine\5.1.0.29\Navw32.exe [2011-05-25 00:28]
.
2011-11-13 c:\windows\Tasks\Norton Security Scan for Daniel.job
- c:\progra~1\NORTON~2\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-13 15:22]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 13:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,0a,c8,32,ab,28,3b,57,32,44,76,18,a5,4f,1a,71,75,f6,7d,11,5e,b1,17,
0c,8c,bf,1a,ca,94,ee,5a,be,e2,62,b5,de,a6,5f,73,29,7a,31,41,5f,68,bc,43,b0,\
"??"=hex:c0,6b,55,c4,1d,94,5e,65,4c,0d,18,03,54,98,d4,f9
.
[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0d,04,e9,c7,f9,26,b8,54,51,0e,39,a6,1c,52,10,ba,10,50,57,bf,d6,
a3,ef,5d,c6,31,b9,b6,6b,48,b2,88,d8,9c,7f,d6,8f,18,58,9c,ca,ce,46,93,f0,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-13 13:05:25
ComboFix-quarantined-files.txt 2011-11-13 21:05
ComboFix2.txt 2011-11-13 18:58
.
Pre-Run: 38,180,040,704 bytes free
Post-Run: 38,205,542,400 bytes free
.
- - End Of File - - 8DAF287EB2F313F8D013F091E44DE9F8
 
Please re-run Combofix in normal mode and allow Recovery Console installation.

Also, post new aswMBR log.
 
Whenever I get the prompt to install the Recovery Console, I get an error right after that it could not download it. Is this because of the malware? I also cannot get the Avast Virus Definitions to install even after I agree to install them. Anyway, here is the new aswMBR report:


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-13 13:16:54
-----------------------------
13:16:54.187 OS Version: Windows 5.1.2600 Service Pack 3
13:16:54.187 Number of processors: 2 586 0x401
13:16:54.187 ComputerName: DANIEL-Q09D8YI1 UserName: Daniel
13:16:55.671 Initialize success
13:17:01.609 AVAST engine download error: 0
13:17:07.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:17:07.187 Disk 0 Vendor: ST3120814A 3.AAJ Size: 114473MB BusType: 3
13:17:09.234 Disk 0 MBR read successfully
13:17:09.234 Disk 0 MBR scan
13:17:09.234 Disk 0 Windows XP default MBR code
13:17:09.234 Disk 0 scanning sectors +234420480
13:17:09.312 Disk 0 scanning C:\WINDOWS\system32\drivers
13:17:18.015 Service scanning
13:17:19.000 Modules scanning
13:17:27.875 Disk 0 trace - called modules:
13:17:27.906 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:17:27.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ba0ab8]
13:17:27.906 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89b96920]
13:17:27.906 5 PCTCore.sys[f7857407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ba8b00]
13:17:27.906 Scan finished successfully
13:17:40.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\MBR.dat"
13:17:40.421 The log file has been saved successfully to "C:\Documents and Settings\Daniel\Desktop\CNS 2.0\aswMBR2.txt"
 
Looks good now.

What are the current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here is the OTL.txt:


OTL logfile created on: 11/13/2011 4:50:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.65% Memory free
3.35 Gb Paging File | 2.47 Gb Available in Paging File | 73.87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 35.57 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
Drive D: | 675.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-Q09D8YI1 | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 16:49:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\My Documents\Downloads\OTL.exe
PRC - [2011/11/12 14:54:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/11/12 14:39:31 | 000,542,672 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe
PRC - [2011/11/11 14:24:28 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjserv.exe
PRC - [2011/11/11 14:17:08 | 000,098,304 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2011/11/11 14:17:07 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
PRC - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
PRC - [2011/11/11 14:17:02 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/11/11 14:17:00 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2011/10/07 20:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/01 16:08:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/13 10:53:22 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/11/13 10:52:21 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/11/13 10:52:18 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/11/13 10:52:14 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/11/13 10:52:13 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe
MOD - [2011/10/25 13:38:10 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/10/12 02:13:09 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/12 02:12:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:11:52 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 02:11:40 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:11:16 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 02:10:04 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 02:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 02:09:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 02:09:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009/11/28 02:29:20 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2009/11/28 02:29:20 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2009/11/28 02:29:20 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3559.38424__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2009/11/28 02:29:20 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2009/11/28 02:29:19 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/11/28 02:29:19 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.38265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/11/28 02:29:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/11/28 02:29:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.38285__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/11/28 02:29:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.38276__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/11/28 02:29:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.38397__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/11/28 02:29:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.38275__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/11/28 02:29:17 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.38399__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/11/28 02:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.38352__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/11/28 02:29:13 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/11/28 02:29:12 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.38278__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/11/28 02:29:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/11/28 02:29:10 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/11/28 02:29:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/11/28 02:29:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/11/28 02:29:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/11/28 02:29:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/11/28 02:29:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/11/28 02:29:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/11/28 02:29:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/11/28 02:29:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/11/28 02:29:07 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/11/28 02:29:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/11/28 02:29:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/11/28 02:29:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2009/11/28 02:29:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2009/11/28 02:29:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/11/28 02:29:04 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.38437__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/11/28 02:29:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.38409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/11/28 02:29:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/11/28 02:29:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/11/28 02:29:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/11/28 02:29:03 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.38390__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/11/28 02:29:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/11/28 02:29:03 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/11/28 02:29:03 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/11/28 02:29:03 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.38259__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/11/28 02:29:02 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.38383__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/11/28 02:29:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.38284__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/11/28 02:29:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.38388__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/11/28 02:29:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/11/28 02:29:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/11/28 02:29:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/11/28 02:29:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/11/28 02:29:01 | 001,019,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3559.38367__90ba9c70f846762e\CLI.Component.Eeu.dll
MOD - [2009/11/28 02:29:01 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.38262__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/11/28 02:29:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.38264__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/11/28 02:29:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/11/28 02:29:00 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.38271__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/11/28 02:29:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/11/28 02:29:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/11/28 02:28:59 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.38262__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/11/28 02:28:59 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.38261__90ba9c70f846762e\APM.Server.dll
MOD - [2009/11/28 02:28:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/11/28 02:28:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.38390__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/11/28 02:28:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.38260__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/10/01 16:45:50 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007/02/27 09:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdjdrpp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/12 14:54:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/12 14:39:31 | 000,542,672 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/11/12 14:39:29 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2011/11/11 14:24:28 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
SRV - [2011/11/11 14:17:08 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2011/11/11 14:17:07 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2011/11/11 14:17:03 | 000,534,528 | ---- | M] () [Auto | Running] -- C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exe -- (NICSer_TEW623PI_WPC370L)
SRV - [2011/11/11 14:17:02 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/11/11 14:17:00 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2011/10/28 11:02:02 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/10/07 20:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/09 19:13:41 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/09 19:13:41 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 19:13:41 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111111.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/09 01:20:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/14 15:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/10/07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111110.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/24 20:55:06 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/09/29 20:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/30 18:28:08 | 000,579,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2001/08/23 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/01/02 22:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) MaxDrive XBox Driver (xbreader.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1935655697-484763869-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/09/30 12:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/12 14:27:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Daniel\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_CharlotteRonson = C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obakimnhgahiedhcjlcnohielmendpen\3_0\

O1 HOSTS File: ([2011/11/13 13:01:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1935655697-484763869-725345543-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1935655697-484763869-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TEW-623PI Wireless Client Utility.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-484763869-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1935655697-484763869-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211123166485 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6E6602B-443D-4AFC-A4DC-5C74A8B01283}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/16 18:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 19:21:18 | 000,000,067 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 10:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/13 09:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/13 09:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/13 09:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/13 09:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/13 09:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/13 09:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/12 18:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/12 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com
[2011/11/12 14:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/12 14:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/12 14:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/12 14:27:19 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2011/11/12 14:27:17 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/11/12 14:27:17 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/11/12 14:27:17 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/11/12 14:26:17 | 000,252,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/11/12 14:26:05 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/11/12 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
 
[2011/11/12 14:25:56 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/11/12 14:21:33 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/11/12 14:21:32 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/11/12 14:21:29 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/11/12 14:21:29 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/11/12 14:21:27 | 000,185,560 | ---- | C] (PC Tools) --C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/11/12 14:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/12 14:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/11/12 14:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/12 14:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\TestApp
[2011/11/12 13:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/11 14:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/11 14:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/06 17:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/06 14:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/11/06 14:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/11/05 21:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3DO
[2011/11/05 21:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2011/11/03 20:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\My Documents\SimCity Societies
[2011/11/03 19:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
[2011/11/03 19:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/10/29 08:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso
[2011/10/28 07:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/10/21 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tropico
[2011/10/21 23:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tropico
[2011/10/21 22:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Impressions Games
[2011/10/21 22:21:21 | 000,000,000 | ---D | C] -- C:\Impressions Games
[2011/10/21 19:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\FireFly Studios
[2011/10/21 19:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FireFly Studios
[2011/10/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DK Multimedia
[2011/10/21 17:41:14 | 000,000,000 | ---D | C] -- C:\MMAPP
[2011/10/20 14:05:42 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2008/09/14 12:30:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
[2008/09/14 12:30:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhcp.dll
[2008/09/14 12:30:27 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
[2008/09/14 12:30:27 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
[2008/09/14 12:30:27 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
[2008/09/14 12:30:26 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
[2008/09/14 12:30:26 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
[2008/09/14 12:30:26 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
[2008/09/14 12:30:26 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
[2008/09/14 12:30:25 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
[2008/09/14 12:30:25 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjih.exe
[2008/09/14 12:30:24 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
[2008/09/14 12:30:23 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
[2008/09/14 12:30:23 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
[2008/09/14 12:30:23 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcfg.exe
[2002/04/11 00:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 16:54:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003UA.job
[2011/11/13 16:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 13:25:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/13 13:01:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/13 12:35:14 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to SystemLook.exe.lnk
[2011/11/13 10:47:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/13 10:47:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 10:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 09:43:23 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/13 09:38:14 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to aswMBR.exe.lnk
[2011/11/13 09:33:09 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to tdsskiller (1).exe.lnk
[2011/11/12 21:23:48 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/12 17:15:33 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Daniel.job
[2011/11/12 14:52:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/12 14:26:06 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/12 14:21:58 | 000,708,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/12 12:14:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/12 09:54:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-484763869-725345543-1003Core.job
[2011/11/11 14:24:29 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
[2011/11/10 19:57:13 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/10 19:57:11 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Google Chrome.lnk
[2011/11/10 03:09:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 20:00:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Daniel.job
[2011/11/06 11:33:30 | 000,483,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:33:29 | 000,086,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 23:25:04 | 000,000,280 | ---- | M] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
[2011/11/03 19:59:25 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
[2011/10/30 17:24:28 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/30 17:24:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/30 17:24:24 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/28 11:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/10/28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/10/28 07:23:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/10/25 13:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/10/25 13:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/10/25 13:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/10/25 13:38:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/10/22 21:28:03 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Fallout Mod Manager.lnk
[2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/10/22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/10/21 23:53:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tropico.lnk
[2011/10/21 22:24:45 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Pharaoh and Cleopatra.lnk
[2011/10/21 22:24:44 | 000,000,128 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2011/10/21 19:26:40 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to Stronghold.exe.lnk
[2011/10/21 17:40:42 | 000,000,824 | ---- | M] () -- C:\WINDOWS\QT$INST$.~32
[2011/10/21 17:40:35 | 000,000,037 | ---- | M] () -- C:\WINDOWS\Qtw.ini
[2011/10/20 13:17:49 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/13 12:35:14 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to SystemLook.exe.lnk
[2011/11/13 09:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/13 09:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/13 09:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/13 09:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/13 09:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/13 09:43:23 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/13 09:38:14 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to aswMBR.exe.lnk
[2011/11/13 09:33:09 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to tdsskiller (1).exe.lnk
[2011/11/12 14:52:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/12 14:27:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/11/12 14:27:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/11/12 14:27:17 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/11/12 14:27:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/11/12 14:27:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/11/12 14:26:06 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/12 14:21:36 | 000,708,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/12 12:14:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 23:25:03 | 000,000,280 | ---- | C] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
[2011/11/03 19:59:25 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
[2011/10/30 17:23:32 | 000,003,250 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/10/28 07:23:40 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/28 07:23:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/28 07:23:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/28 07:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/10/22 21:28:03 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Fallout Mod Manager.lnk
[2011/10/21 23:49:24 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tropico.lnk
[2011/10/21 22:24:45 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Pharaoh and Cleopatra.lnk
[2011/10/21 22:24:44 | 000,000,128 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2011/10/21 19:26:40 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Shortcut to Stronghold.exe.lnk
[2011/10/21 17:40:40 | 000,000,824 | ---- | C] () -- C:\WINDOWS\QT$INST$.~32
[2011/10/21 17:40:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Qtw.ini
[2011/10/20 14:05:41 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/25 07:48:34 | 000,041,036 | ---- | C] () -- C:\Program Files\monofont.ttf
[2011/05/18 16:48:11 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 16:42:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/12 15:00:18 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2010/09/12 15:00:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2010/08/13 14:24:26 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2010/08/13 14:24:26 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2010/08/13 14:24:16 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2009/12/20 21:13:41 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/12/20 21:13:31 | 000,000,187 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2009/11/27 11:41:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/01 21:11:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/01/27 21:35:03 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/21 17:58:36 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/01/19 10:56:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/10 01:28:36 | 000,000,871 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/11/14 19:29:59 | 000,012,496 | ---- | C] () -- C:\WINDOWS\MSPuzzle.dat
[2008/10/11 02:27:33 | 000,000,220 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/10/11 02:21:06 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[2008/10/07 21:17:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP120JPR.{PB
[2008/10/07 21:17:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP120JCM.{PB
[2008/09/14 12:32:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
[2008/09/14 12:32:07 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
[2008/09/14 12:30:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdjrwrd.ini
[2008/09/14 12:30:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\lxdjinst.dll
[2008/09/14 12:30:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
[2008/09/13 14:31:19 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/14 10:03:56 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 19:06:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/05/18 09:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/18 09:51:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/05/18 07:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/05/16 18:35:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/05/16 18:27:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/05/16 18:24:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/16 11:16:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/16 11:16:06 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/28 19:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/28 19:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/28 19:36:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/06 06:40:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/03 10:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 09:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,483,064 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,086,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/12/06 23:00:00 | 000,024,975 | ---- | C] () -- C:\WINDOWS\twain_16.dll

========== LOP Check ==========

[2010/09/24 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/08/30 11:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/08/05 22:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/11/12 13:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/10/17 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/08/21 21:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/10/10 07:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2009/02/07 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/08/21 16:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\.minecraft
[2011/06/15 15:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BitTorrent
[2010/12/16 23:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BSplayer
[2010/12/16 22:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\BSplayer Pro
[2008/08/31 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\DNA
[2010/06/17 11:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\gtk-2.0
[2009/01/19 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Leadertech
[2009/08/17 20:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Stella
[2010/11/19 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Subversion
[2011/11/12 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\TestApp
[2010/03/15 20:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Ubisoft
[2011/09/22 21:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/16 18:26:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/27 14:07:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/13 13:05:27 | 000,018,000 | ---- | M] () -- C:\ComboFix.txt
[2008/05/16 18:26:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/21 17:51:47 | 000,000,104 | ---- | M] () -- C:\Delapp.bat
[2011/03/17 21:38:19 | 000,035,354 | ---- | M] () -- C:\drwtsn32.log
[2008/05/16 18:26:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/11 14:19:40 | 000,006,734 | ---- | M] () -- C:\lxdj.log
[2008/05/16 18:26:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/05/18 07:39:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/18 08:10:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/13 10:38:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/07/26 04:48:10 | 000,000,592 | ---- | M] () -- C:\rkill.log
[2011/11/12 12:47:54 | 000,049,248 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_12.46.25_log.txt
[2011/11/12 13:21:56 | 000,049,248 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_13.20.33_log.txt
[2011/11/12 19:21:09 | 000,104,008 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_19.20.12_log.txt
[2011/11/12 19:24:27 | 000,001,832 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_12.11.2011_19.23.56_log.txt
[2011/11/13 09:34:59 | 000,052,112 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_13.11.2011_09.33.23_log.txt
[2011/08/04 20:25:58 | 000,000,272 | ---- | M] () -- C:\{207F5618-02CA-43E3-B930-E99F22849122}
[2011/07/25 20:29:34 | 000,000,272 | ---- | M] () -- C:\{9C217BBD-E821-4257-B6C0-5447D680FC49}
[2011/11/04 23:25:04 | 000,000,280 | ---- | M] () -- C:\{DC6F5D94-DC48-4D53-8C79-AAEF752762EA}
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/05/16 18:26:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/02/27 09:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdjdrpp.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/09/10 20:02:07 | 000,001,778 | -H-- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2003/10/06 20:36:36 | 000,041,036 | ---- | M] () -- C:\Program Files\monofont.ttf

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/05/16 11:15:18 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/05/16 11:15:18 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/05/16 11:15:17 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/05/18 08:14:38 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/05/18 08:19:10 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/05/16 18:31:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/01/21 21:33:28 | 082,952,744 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Daniel\Desktop\N360S300EN.exe
[1990/05/17 16:40:54 | 000,086,448 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\TP3.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2008/05/18 09:49:24 | 036,940,312 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Daniel\My Documents\8-4_xp32_dd_ccc_wdm_enu_60999.exe
[2008/05/18 10:01:56 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Daniel\My Documents\dotnetfx.exe
[2008/05/18 09:53:09 | 008,912,160 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Daniel\My Documents\R91081.EXE
[2008/05/22 17:14:44 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\Daniel\My Documents\wrar371.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/05/18 08:19:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Daniel\Favorites\Desktop.ini
[2008/05/18 18:20:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Daniel\Favorites\Internet.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/10 09:41:33 | 000,000,630 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/13 16:49:10 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Daniel\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 16:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 14:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/17 10:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 05:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 12:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 05:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 20:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 10:41:08 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 10:41:08 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 10:41:08 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 12:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 10:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Daniel\Desktop\N360S300EN.exe:SummaryInformation

< End of report >
 
The Extras.txt:


OTL Extras logfile created on: 11/13/2011 4:50:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.65% Memory free
3.35 Gb Paging File | 2.47 Gb Available in Paging File | 73.87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 35.57 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
Drive D: | 675.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-Q09D8YI1 | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 1400 Series\app4r.exe" = C:\Program Files\Lexmark 1400 Series\app4r.exe:*:Enabled:printing Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\lxdjcoms.exe" = C:\WINDOWS\system32\lxdjcoms.exe:*:Enabled:1400 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjwbgw.exe:*:Enabled: -- ()
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\huthah\half-life\hl.exe" = C:\Program Files\Steam\SteamApps\huthah\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Program Files\Steam\SteamApps\common\grand theft auto 2\gta2.exe" = C:\Program Files\Steam\SteamApps\common\grand theft auto 2\gta2.exe:*:Enabled:Grand Theft Auto 2 -- (Rockstar North)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{6478FF30-60A5-4CAE-AC7E-B04309EFDE5D}" = The Secret of the Silver Earring
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{958DE2CC-E767-405F-91EA-B0E899AB582C}" = 802.11 Wireless Client Utility
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Army Men II" = Army Men II
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"BOSS" = BOSS
"Browser Defender_is1" = Browser Defender 4.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Chatango" = Chatango Message Catcher
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DaggerfallSetup_is1" = Daggerfall
"EOS Utility" = Canon Utilities EOS Utility
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"GCFScape_is1" = GCFScape 1.8.2
"Google Updater" = Google Updater
"Half-Life 2 Runes" = Half-Life 2 Runes
"HLFX: Lost in Black Mesa" = HLFX: Lost in Black Mesa
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NSS" = Norton Security Scan
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Puzzle Collection" = Microsoft Entertainment Pack: The Puzzle Collection
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Reissues" = Reissues Final 1.1
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Steam App 12180" = Grand Theft Auto 2
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 70" = Half-Life
"Streets of Rage 2_is1" = Streets of Rage 2
"SvenCoop" = Sven Co-op 4.0B
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.8.9
"VTF Explorer_is1" = VTF Explorer 1.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2011 12:41:37 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
fallout3.exe, version 1.7.0.3, fault address 0x000e868e.

Error - 11/6/2011 12:42:29 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
fallout3.exe, version 1.7.0.3, fault address 0x00119241.

Error - 11/6/2011 12:53:04 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
fallout3.exe, version 1.7.0.3, fault address 0x00119241.

Error - 11/6/2011 12:53:15 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1001
Description = Fault bucket 1570335455.

Error - 11/6/2011 12:53:44 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application fallout3.exe, version 1.7.0.3, faulting module
fallout3.exe, version 1.7.0.3, fault address 0x00119241.

Error - 11/10/2011 7:40:42 PM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application stuffit14.exe, version 14.0.0.18, faulting module
stuffit14.exe, version 14.0.0.18, fault address 0x00090067.

Error - 11/11/2011 6:13:13 PM | Computer Name = DANIEL-Q09D8YI1 | Source = Application Error | ID = 1000
Description = Faulting application stuffit14.exe, version 14.0.0.18, faulting module
urlmon.dll, version 6.0.2900.6148, fault address 0x0000e9e6.

Error - 11/12/2011 4:12:27 PM | Computer Name = DANIEL-Q09D8YI1 | Source = MBAMService | ID = 131073
Description =

Error - 11/12/2011 6:27:32 PM | Computer Name = DANIEL-Q09D8YI1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/12/2011 6:27:32 PM | Computer Name = DANIEL-Q09D8YI1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 11/13/2011 12:47:50 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/13/2011 12:47:56 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/13/2011 12:47:58 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/13/2011 12:48:20 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/13/2011 12:49:08 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/13/2011 5:00:16 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/13/2011 5:00:47 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/13/2011 5:01:18 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/13/2011 5:01:48 AM | Computer Name = DANIEL-Q09D8YI1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/13/2011 10:00:34 AM | Computer Name = DANIEL-Q09D8YI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
 
To tell the truth, things are much better! Google doesn't redirect me anymore and my webpages load normally again instead of taking forever and often losing the connection. If it's ok to check Norton 360 again I'll let you know if it's running again.
 
I'm having trouble starting Norton 360. I can click on the desktop icon but nothing loads, also when I try starting Norton as a New Task in Task Manager it still won't start. Is this from the malware or is this a problem with Norton itself?
 
You must log in or register to reply here.

Similar threads

D
Solved PC Shutting Down During Malware Scans, Presumed Malware Infection (Windows 7)
2
Replies
27
Views
7K
Broni
Broni
D
Inactive Windows 7: profile chagned to temporary profile; system restore 0xc0000022 error -- Malware?
2
Replies
30
Views
8K
Broni
Broni
EyeSore
Inactive Mfplat.dll, SyncToy, and WIN7 Index fail
2
Replies
42
Views
10K
Broni
Broni

Latest posts

Back