Solved Infected with Backdoor.tidserv
- Thread starter bigdru222
- Start date
- Status
Broni
Posts: 56,041 +516
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Norton Internet Security
Scan Statistics:
Scan Time: 2,115 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 468,868
- Files & Directories: 462,102
- Registry Entries: 317
- Processes & Start-up Items: 4,365
- Network & Browser Items: 2,078
- Other: 4
- Trusted Files: 7,726
- Skipped Files: 18,956
Total security risks detected: 18
Total items resolved: 18
Total items that require attention: 0
Resolved Threats:
18 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
18 Tracking Cookies
ad.yieldmanager.com - Deleted
.apmebf.com - Deleted
.fastclick.net - Deleted
.atdmt.com - Deleted
.quantserve.com - Deleted
.doubleclick.net - Deleted
.content.yieldmanager.com - Deleted
.247realmedia.com - Deleted
.ru4.com - Deleted
.trafficmp.com - Deleted
.go.com - Deleted
.espn.go.com - Deleted
.gostats.com - Deleted
.myxer.adbureau.net - Deleted
oasc09.247realmedia.com - Deleted
statse.webtrendslive.com - Deleted
- Deleted
- Deleted
Unresolved Threats:
No unresolved risks
Scan Statistics:
Scan Time: 2,115 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 468,868
- Files & Directories: 462,102
- Registry Entries: 317
- Processes & Start-up Items: 4,365
- Network & Browser Items: 2,078
- Other: 4
- Trusted Files: 7,726
- Skipped Files: 18,956
Total security risks detected: 18
Total items resolved: 18
Total items that require attention: 0
Resolved Threats:
18 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
18 Tracking Cookies
ad.yieldmanager.com - Deleted
.apmebf.com - Deleted
.fastclick.net - Deleted
.atdmt.com - Deleted
.quantserve.com - Deleted
.doubleclick.net - Deleted
.content.yieldmanager.com - Deleted
.247realmedia.com - Deleted
.ru4.com - Deleted
.trafficmp.com - Deleted
.go.com - Deleted
.espn.go.com - Deleted
.gostats.com - Deleted
.myxer.adbureau.net - Deleted
oasc09.247realmedia.com - Deleted
statse.webtrendslive.com - Deleted
- Deleted
- Deleted
Unresolved Threats:
No unresolved risks
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6487
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/1/2011 7:49:33 PM
mbam-log-2011-05-01 (19-49-33).txt
Scan type: Quick scan
Objects scanned: 154450
Time elapsed: 1 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
www.malwarebytes.org
Database version: 6487
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/1/2011 7:49:33 PM
mbam-log-2011-05-01 (19-49-33).txt
Scan type: Quick scan
Objects scanned: 154450
Time elapsed: 1 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by user at 20:12:38.64 on Sun 05/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.12279.10342 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\hdspmix.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [HDSPTray1] hdsp32.exe
mRun-x64: [HDSPTray2] hdspmix.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z005&form=ZGAADF&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\SymDS64.sys [2011-1-10 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\SymEFA64.sys [2011-1-10 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-4-19 1127032]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSviA64.sys [2011-4-30 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\Ironx64.sys [2011-1-10 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-10 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-4-8 1868176]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2011-1-10 130000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-23 132656]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\System32\drivers\hdsp_64.sys [2010-9-22 97280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-22 131688]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736]
.
=============== Created Last 30 ================
.
2011-05-02 02:47:29 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2011-05-02 02:46:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-02 02:46:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-02 02:46:29 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-02 02:46:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2011-04-27 03:01:39 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 03:01:39 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 03:01:27 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 03:01:27 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 02:57:31 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-04-27 02:57:31 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-04-27 02:57:31 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-04-27 02:57:31 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-04-27 02:57:31 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-04-27 02:57:31 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-04-27 02:57:31 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-04-27 02:57:31 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-04-27 02:57:31 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-04-27 02:57:31 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-04-27 02:57:31 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-27 02:56:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 02:56:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-23 23:56:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-23 23:39:37 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-04-23 23:39:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-23 23:39:37 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-23 23:39:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-23 23:39:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-23 23:39:36 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-23 23:39:36 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-23 23:39:36 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-23 21:07:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-23 21:07:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-23 20:10:20 98816 ----a-w- C:\Windows\sed.exe
2011-04-23 20:10:20 89088 ----a-w- C:\Windows\MBR.exe
2011-04-23 20:10:20 256512 ----a-w- C:\Windows\PEV.exe
2011-04-23 20:10:20 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-15 01:07:47 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-15 01:06:05 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-15 01:06:05 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-15 01:06:05 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
.
============= FINISH: 20:12:49.70 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/17/2010 1:27:40 PM
System Uptime: 5/1/2011 7:41:13 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 414.949 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1544.557 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 0 GiB total, 0 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 4/10/2011 1:01:25 PM - Scheduled Checkpoint
RP46: 4/14/2011 10:38:03 PM - Windows Update
RP47: 4/23/2011 1:10:30 PM - ComboFix created restore point
RP48: 4/23/2011 1:53:53 PM - OTL Restore Point
RP49: 4/23/2011 2:06:55 PM - Installed Java(TM) 6 Update 22
RP50: 4/23/2011 2:08:39 PM - Installed Java(TM) 6 Update 24
RP51: 4/23/2011 2:12:51 PM - Removed Java(TM) 6 Update 24
RP52: 4/23/2011 2:13:26 PM - Installed Java(TM) 6 Update 24
RP53: 4/26/2011 10:31:33 PM - Windows Update
RP54: 4/27/2011 11:20:56 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
AnyDVD
Apple Application Support
Apple Software Update
Authorizer 1.0.2
Beatscape 1.0
CloneCD
CloneDVD2
Conduit Engine
Dimension Pro
DreamStation DXi2
Dropbox
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Mega Manager
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Mozilla Firefox 4.0.1 (x86 en-US)
NEC Electronics USB 3.0 Host Controller Driver
Norton Internet Security
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
oZone3D.Net FurMark v1.6.5
QuickTime
Reason
Reason 5.0
Record 1.5
RME DIGICheck
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SONAR 8 Content
SONAR 8.0 Producer Edition
SONAR 8.5 Producer
uTorrentBar Toolbar
VirtualCloneDrive
vShare Plugin
WinRAR archiver
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
5/1/2011 7:39:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 7:24:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2506928).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).
.
==== End Of File ===========================
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by user at 20:12:38.64 on Sun 05/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.12279.10342 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\hdspmix.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [HDSPTray1] hdsp32.exe
mRun-x64: [HDSPTray2] hdspmix.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z005&form=ZGAADF&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\SymDS64.sys [2011-1-10 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\SymEFA64.sys [2011-1-10 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-4-19 1127032]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSviA64.sys [2011-4-30 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\Ironx64.sys [2011-1-10 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-10 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-4-8 1868176]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2011-1-10 130000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-23 132656]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\System32\drivers\hdsp_64.sys [2010-9-22 97280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-22 131688]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736]
.
=============== Created Last 30 ================
.
2011-05-02 02:47:29 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2011-05-02 02:46:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-02 02:46:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-02 02:46:29 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-02 02:46:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2011-04-27 03:01:39 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 03:01:39 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 03:01:27 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 03:01:27 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 02:57:31 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-04-27 02:57:31 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-04-27 02:57:31 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-04-27 02:57:31 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-04-27 02:57:31 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-04-27 02:57:31 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-04-27 02:57:31 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-04-27 02:57:31 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-04-27 02:57:31 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-04-27 02:57:31 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-04-27 02:57:31 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-27 02:56:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 02:56:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-23 23:56:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-23 23:39:37 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-04-23 23:39:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-23 23:39:37 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-23 23:39:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-23 23:39:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-23 23:39:36 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-23 23:39:36 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-23 23:39:36 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-23 21:07:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-23 21:07:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-23 20:10:20 98816 ----a-w- C:\Windows\sed.exe
2011-04-23 20:10:20 89088 ----a-w- C:\Windows\MBR.exe
2011-04-23 20:10:20 256512 ----a-w- C:\Windows\PEV.exe
2011-04-23 20:10:20 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-15 01:07:47 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-15 01:06:05 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-15 01:06:05 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-15 01:06:05 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
.
============= FINISH: 20:12:49.70 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/17/2010 1:27:40 PM
System Uptime: 5/1/2011 7:41:13 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 414.949 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1544.557 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 0 GiB total, 0 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 4/10/2011 1:01:25 PM - Scheduled Checkpoint
RP46: 4/14/2011 10:38:03 PM - Windows Update
RP47: 4/23/2011 1:10:30 PM - ComboFix created restore point
RP48: 4/23/2011 1:53:53 PM - OTL Restore Point
RP49: 4/23/2011 2:06:55 PM - Installed Java(TM) 6 Update 22
RP50: 4/23/2011 2:08:39 PM - Installed Java(TM) 6 Update 24
RP51: 4/23/2011 2:12:51 PM - Removed Java(TM) 6 Update 24
RP52: 4/23/2011 2:13:26 PM - Installed Java(TM) 6 Update 24
RP53: 4/26/2011 10:31:33 PM - Windows Update
RP54: 4/27/2011 11:20:56 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
AnyDVD
Apple Application Support
Apple Software Update
Authorizer 1.0.2
Beatscape 1.0
CloneCD
CloneDVD2
Conduit Engine
Dimension Pro
DreamStation DXi2
Dropbox
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Mega Manager
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Mozilla Firefox 4.0.1 (x86 en-US)
NEC Electronics USB 3.0 Host Controller Driver
Norton Internet Security
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
oZone3D.Net FurMark v1.6.5
QuickTime
Reason
Reason 5.0
Record 1.5
RME DIGICheck
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SONAR 8 Content
SONAR 8.0 Producer Edition
SONAR 8.5 Producer
uTorrentBar Toolbar
VirtualCloneDrive
vShare Plugin
WinRAR archiver
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
5/1/2011 7:39:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 7:24:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2506928).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).
4/27/2011 7:14:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).
.
==== End Of File ===========================
Broni
Posts: 56,041 +516
Good 
Download Bootkit Remover to your Desktop.
=====================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Download Bootkit Remover to your Desktop.
- You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
- After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
=====================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
ComboFix 11-05-02.03 - user 05/02/2011 18:43:43.3.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.12279.10617 [GMT -7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 01:45 . 2011-05-03 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 02:47 . 2011-05-02 02:47 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-05-02 02:46 . 2011-05-02 02:46 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 02:46 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-02 02:46 . 2011-05-02 02:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2011-05-02 02:46 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 03:01 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 03:01 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-27 03:01 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-27 03:01 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 02:57 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 02:57 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 02:57 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 02:57 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 02:57 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 02:57 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 02:57 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 02:57 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-04-27 02:57 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 02:57 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-04-27 02:57 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-04-27 02:56 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 02:56 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-23 23:39 . 2011-05-01 05:16 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-23 23:39 . 2011-05-01 05:16 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-23 23:39 . 2011-05-01 05:16 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-23 23:39 . 2011-05-01 05:16 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-23 23:39 . 2011-05-01 05:16 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-23 23:39 . 2011-05-01 05:16 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-23 23:39 . 2011-05-01 05:16 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-23 23:39 . 2011-05-01 05:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-23 21:14 . 2011-04-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-23 21:13 . 2011-04-23 21:13 -------- d-----w- c:\program files (x86)\Java
2011-04-23 21:07 . 2011-04-23 21:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-23 21:07 . 2011-04-23 21:13 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-15 01:07 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 01:06 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 01:06 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 01:06 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:17 . 2011-04-27 03:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 03:01 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 04:17 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 04:17 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 04:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 04:17 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:17 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-23_20.36.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-17 20:44 . 2011-05-03 01:35 31588 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-03 01:35 31980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2010-12-11 03:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-27 02:57 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2011-04-27 02:57 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2011-04-27 02:57 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS
+ 2010-09-17 20:25 . 2011-04-30 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:25 . 2011-04-21 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-21 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-30 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-04-30 18:04 85208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-04-23 01:46 85208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:38 . 2011-05-03 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:38 . 2011-04-23 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 20:38 . 2011-05-03 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-17 20:38 . 2011-04-23 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-28 02:19 . 2011-04-28 02:19 25088 c:\windows\Installer\a39fb.msi
+ 2010-09-17 20:44 . 2011-05-03 01:35 8642 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696968603-565600004-306040373-1001_UserData.bin
+ 2011-05-03 01:34 . 2011-05-03 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-23 20:02 . 2011-04-23 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-23 20:02 . 2011-04-23 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-03 01:34 . 2011-05-03 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-01 16:03 . 2011-05-01 16:03 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2011-05-03 01:38 861364 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2010-12-11 03:05 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2010-12-08 03:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-27 02:57 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2011-04-27 02:57 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2011-04-27 02:57 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2011-04-27 02:57 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
- 2009-07-14 05:31 . 2010-09-29 15:16 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-04-30 17:59 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:01 . 2011-04-23 20:01 228660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-02 04:29 228660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-23 21:14 . 2011-04-23 21:14 183808 c:\windows\Installer\3b80c1.msi
+ 2010-09-23 03:19 . 2011-05-01 16:03 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 02:36 . 2011-05-03 01:38 2862464 c:\windows\system32\perfh009.dat
+ 2009-07-14 04:45 . 2011-04-30 18:01 3894414 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-16 16:26 3894414 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-24 06:29 . 2011-05-02 04:29 3341728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2696968603-565600004-306040373-1001-8192.dat
+ 2011-04-14 14:46 . 2011-04-14 14:46 3854848 c:\windows\Installer\887e8.msp
- 2009-07-14 02:34 . 2011-04-23 20:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-02 02:54 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-09-23 04:33 . 2011-04-18 23:22 43802056 c:\windows\system32\MRT.exe
+ 2011-04-23 21:12 . 2011-04-23 21:12 12565504 c:\windows\Installer\3b80ba.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-26 106496]
"VirtualCloneDrive"="c:\program files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-4-7 6837648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;g:\wow64\uxddrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-04-15 1127032]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-04-08 1868176]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 235624]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-23 132656]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp_64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 21:09]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 21:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDSPTray1"="hdsp32.exe" [2010-08-27 656384]
"HDSPTray2"="hdspmix.exe" [2010-08-27 1204224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z005&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-02 18:47:06
ComboFix-quarantined-files.txt 2011-05-03 01:47
ComboFix2.txt 2011-04-23 20:37
.
Pre-Run: 446,234,324,992 bytes free
Post-Run: 446,176,870,400 bytes free
.
- - End Of File - - 04E01782AE975AC70AE2D81DF70384AA
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
ComboFix 11-05-02.03 - user 05/02/2011 18:43:43.3.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.12279.10617 [GMT -7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 01:45 . 2011-05-03 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 02:47 . 2011-05-02 02:47 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-05-02 02:46 . 2011-05-02 02:46 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 02:46 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-02 02:46 . 2011-05-02 02:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2011-05-02 02:46 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 03:01 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 03:01 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-27 03:01 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-27 03:01 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 02:57 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 02:57 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 02:57 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 02:57 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 02:57 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 02:57 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 02:57 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 02:57 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-04-27 02:57 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 02:57 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-04-27 02:57 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-04-27 02:56 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 02:56 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-23 23:39 . 2011-05-01 05:16 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-23 23:39 . 2011-05-01 05:16 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-23 23:39 . 2011-05-01 05:16 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-23 23:39 . 2011-05-01 05:16 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-23 23:39 . 2011-05-01 05:16 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-23 23:39 . 2011-05-01 05:16 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-23 23:39 . 2011-05-01 05:16 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-23 23:39 . 2011-05-01 05:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-23 21:14 . 2011-04-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-23 21:13 . 2011-04-23 21:13 -------- d-----w- c:\program files (x86)\Java
2011-04-23 21:07 . 2011-04-23 21:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-23 21:07 . 2011-04-23 21:13 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-15 01:07 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 01:06 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 01:06 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 01:06 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:17 . 2011-04-27 03:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 03:01 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 04:17 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 04:17 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 04:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 04:17 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:17 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-23_20.36.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-17 20:44 . 2011-05-03 01:35 31588 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-03 01:35 31980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2010-12-11 03:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-27 02:57 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2011-04-27 02:57 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2011-04-27 02:57 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS
+ 2010-09-17 20:25 . 2011-04-30 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:25 . 2011-04-21 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-21 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-30 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-04-30 18:04 85208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-04-23 01:46 85208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-17 20:29 . 2011-04-23 20:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:29 . 2011-05-03 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 20:38 . 2011-05-03 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-17 20:38 . 2011-04-23 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 20:38 . 2011-05-03 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-17 20:38 . 2011-04-23 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-28 02:19 . 2011-04-28 02:19 25088 c:\windows\Installer\a39fb.msi
+ 2010-09-17 20:44 . 2011-05-03 01:35 8642 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696968603-565600004-306040373-1001_UserData.bin
+ 2011-05-03 01:34 . 2011-05-03 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-23 20:02 . 2011-04-23 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-23 20:02 . 2011-04-23 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-03 01:34 . 2011-05-03 01:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-01 16:03 . 2011-05-01 16:03 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-04-23 21:13 . 2011-04-23 21:13 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2011-05-03 01:38 861364 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2010-12-11 03:05 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-30 17:59 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2010-12-08 03:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-27 02:57 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2011-04-27 02:57 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2011-04-27 02:57 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2011-04-27 02:57 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
- 2009-07-14 05:31 . 2010-09-29 15:16 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-04-30 17:59 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:01 . 2011-04-23 20:01 228660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-02 04:29 228660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-23 21:14 . 2011-04-23 21:14 183808 c:\windows\Installer\3b80c1.msi
+ 2010-09-23 03:19 . 2011-05-01 16:03 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 02:36 . 2011-05-03 01:38 2862464 c:\windows\system32\perfh009.dat
+ 2009-07-14 04:45 . 2011-04-30 18:01 3894414 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-16 16:26 3894414 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-24 06:29 . 2011-05-02 04:29 3341728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2696968603-565600004-306040373-1001-8192.dat
+ 2011-04-14 14:46 . 2011-04-14 14:46 3854848 c:\windows\Installer\887e8.msp
- 2009-07-14 02:34 . 2011-04-23 20:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-02 02:54 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-09-23 04:33 . 2011-04-18 23:22 43802056 c:\windows\system32\MRT.exe
+ 2011-04-23 21:12 . 2011-04-23 21:12 12565504 c:\windows\Installer\3b80ba.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-26 106496]
"VirtualCloneDrive"="c:\program files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-4-7 6837648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;g:\wow64\uxddrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-04-15 1127032]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-04-08 1868176]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 235624]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-23 132656]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp_64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 21:09]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 21:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDSPTray1"="hdsp32.exe" [2010-08-27 656384]
"HDSPTray2"="hdspmix.exe" [2010-08-27 1204224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z005&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-02 18:47:06
ComboFix-quarantined-files.txt 2011-05-03 01:47
ComboFix2.txt 2011-04-23 20:37
.
Pre-Run: 446,234,324,992 bytes free
Post-Run: 446,176,870,400 bytes free
.
- - End Of File - - 04E01782AE975AC70AE2D81DF70384AA
Broni
Posts: 56,041 +516
Where is your information about being infected with Backdoor.tidserv coming from?
Download TDSSKiller and save it to your desktop.
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Norton Internet Security pops up a few times a day and says infected with Backdoor.tidserv. I read that this affects the MBR and is difficult to remove.
2011/05/02 19:41:49.0881 4988 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 19:41:50.0677 4988 ================================================================================
2011/05/02 19:41:50.0677 4988 SystemInfo:
2011/05/02 19:41:50.0677 4988
2011/05/02 19:41:50.0677 4988 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/02 19:41:50.0677 4988 Product type: Workstation
2011/05/02 19:41:50.0677 4988 ComputerName: BIGDRU
2011/05/02 19:41:50.0692 4988 UserName: user
2011/05/02 19:41:50.0692 4988 Windows directory: C:\Windows
2011/05/02 19:41:50.0692 4988 System windows directory: C:\Windows
2011/05/02 19:41:50.0692 4988 Running under WOW64
2011/05/02 19:41:50.0692 4988 Processor architecture: Intel x64
2011/05/02 19:41:50.0692 4988 Number of processors: 8
2011/05/02 19:41:50.0692 4988 Page size: 0x1000
2011/05/02 19:41:50.0692 4988 Boot type: Normal boot
2011/05/02 19:41:50.0692 4988 ================================================================================
2011/05/02 19:41:51.0722 4988 Initialize success
2011/05/02 19:41:58.0898 4940 ================================================================================
2011/05/02 19:41:58.0898 4940 Scan started
2011/05/02 19:41:58.0898 4940 Mode: Manual;
2011/05/02 19:41:58.0898 4940 ================================================================================
2011/05/02 19:41:59.0507 4940 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/02 19:41:59.0553 4940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/02 19:41:59.0569 4940 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/02 19:41:59.0616 4940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/02 19:41:59.0631 4940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/02 19:41:59.0663 4940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/02 19:41:59.0725 4940 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/02 19:41:59.0741 4940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/02 19:41:59.0772 4940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/02 19:41:59.0787 4940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/02 19:41:59.0819 4940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/02 19:41:59.0834 4940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/02 19:41:59.0881 4940 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/02 19:41:59.0912 4940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/02 19:41:59.0928 4940 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/02 19:41:59.0975 4940 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
2011/05/02 19:41:59.0990 4940 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/02 19:42:00.0068 4940 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/02 19:42:00.0084 4940 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/02 19:42:00.0099 4940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 19:42:00.0115 4940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/02 19:42:00.0162 4940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/02 19:42:00.0209 4940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/02 19:42:00.0224 4940 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/02 19:42:00.0443 4940 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys
2011/05/02 19:42:00.0474 4940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/02 19:42:00.0521 4940 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 19:42:00.0552 4940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/02 19:42:00.0567 4940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/02 19:42:00.0583 4940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/02 19:42:00.0599 4940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/02 19:42:00.0614 4940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/02 19:42:00.0614 4940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/02 19:42:00.0630 4940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/02 19:42:00.0677 4940 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 19:42:00.0708 4940 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/02 19:42:00.0739 4940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/02 19:42:00.0755 4940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/02 19:42:00.0801 4940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/02 19:42:00.0817 4940 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/02 19:42:00.0833 4940 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/02 19:42:00.0848 4940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/02 19:42:00.0879 4940 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/02 19:42:00.0895 4940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/02 19:42:00.0926 4940 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/02 19:42:00.0973 4940 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 19:42:00.0989 4940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/02 19:42:01.0004 4940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/02 19:42:01.0051 4940 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 19:42:01.0098 4940 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 19:42:01.0176 4940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/02 19:42:01.0238 4940 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/02 19:42:01.0301 4940 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/05/02 19:42:01.0332 4940 ElbyCDIO (65e0ec00c209d4f2618f8ff0dd4ea444) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/02 19:42:01.0347 4940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/02 19:42:01.0394 4940 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/02 19:42:01.0425 4940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/02 19:42:01.0472 4940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/02 19:42:01.0488 4940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 19:42:01.0503 4940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 19:42:01.0535 4940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 19:42:01.0550 4940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 19:42:01.0566 4940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 19:42:01.0581 4940 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 19:42:01.0613 4940 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/02 19:42:01.0628 4940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 19:42:01.0659 4940 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/02 19:42:01.0675 4940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/02 19:42:01.0706 4940 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/02 19:42:01.0753 4940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/02 19:42:01.0800 4940 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/02 19:42:01.0831 4940 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/02 19:42:01.0878 4940 hdsp (da3237b3cb5d9faf2a96833861ca2b29) C:\Windows\system32\drivers\hdsp_64.sys
2011/05/02 19:42:01.0893 4940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/02 19:42:01.0909 4940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/02 19:42:01.0925 4940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/02 19:42:01.0940 4940 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 19:42:01.0971 4940 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/02 19:42:02.0003 4940 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 19:42:02.0034 4940 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/02 19:42:02.0065 4940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/02 19:42:02.0096 4940 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/02 19:42:02.0252 4940 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSvia64.sys
2011/05/02 19:42:02.0268 4940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/02 19:42:02.0283 4940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/02 19:42:02.0299 4940 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 19:42:02.0330 4940 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 19:42:02.0346 4940 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/02 19:42:02.0361 4940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/02 19:42:02.0393 4940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/02 19:42:02.0408 4940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/02 19:42:02.0424 4940 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/02 19:42:02.0455 4940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 19:42:02.0471 4940 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 19:42:02.0502 4940 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 19:42:02.0533 4940 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/02 19:42:02.0549 4940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/02 19:42:02.0595 4940 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 19:42:02.0627 4940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/02 19:42:02.0642 4940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/02 19:42:02.0658 4940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/02 19:42:02.0673 4940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/02 19:42:02.0705 4940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/02 19:42:02.0720 4940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/02 19:42:02.0736 4940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/02 19:42:02.0767 4940 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/02 19:42:02.0783 4940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 19:42:02.0798 4940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 19:42:02.0814 4940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 19:42:02.0829 4940 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 19:42:02.0845 4940 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/02 19:42:02.0861 4940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 19:42:02.0892 4940 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 19:42:02.0907 4940 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 19:42:02.0939 4940 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 19:42:02.0970 4940 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 19:42:02.0985 4940 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/02 19:42:03.0001 4940 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/02 19:42:03.0048 4940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 19:42:03.0063 4940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/02 19:42:03.0079 4940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/02 19:42:03.0110 4940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 19:42:03.0126 4940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 19:42:03.0157 4940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 19:42:03.0173 4940 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 19:42:03.0188 4940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/02 19:42:03.0204 4940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 19:42:03.0219 4940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/02 19:42:03.0251 4940 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/02 19:42:03.0282 4940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/02 19:42:03.0313 4940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/02 19:42:03.0453 4940 NAVENG (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\ENG64.SYS
2011/05/02 19:42:03.0500 4940 NAVEX15 (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\EX64.SYS
2011/05/02 19:42:03.0547 4940 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/02 19:42:03.0578 4940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/02 19:42:03.0609 4940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/02 19:42:03.0625 4940 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/02 19:42:03.0641 4940 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/02 19:42:03.0672 4940 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 19:42:03.0687 4940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/02 19:42:03.0703 4940 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/02 19:42:03.0750 4940 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
2011/05/02 19:42:03.0781 4940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/02 19:42:03.0797 4940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 19:42:03.0828 4940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/02 19:42:03.0875 4940 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 19:42:03.0906 4940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/02 19:42:03.0921 4940 nusb3hub (a61b0af4d6b934928cfd1140deea5c8d) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/05/02 19:42:03.0953 4940 nusb3xhc (fa4b2f20561bdbcc6b9ac3e3bdcd7e3f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/05/02 19:42:03.0984 4940 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/02 19:42:04.0202 4940 nvlddmkm (cd0b2c7666e2a594127cbcceab7d0465) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/02 19:42:04.0311 4940 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/02 19:42:04.0343 4940 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/02 19:42:04.0374 4940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/02 19:42:04.0389 4940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/02 19:42:04.0421 4940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/02 19:42:04.0436 4940 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 19:42:04.0467 4940 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/02 19:42:04.0483 4940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/02 19:42:04.0499 4940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/02 19:42:04.0514 4940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/02 19:42:04.0530 4940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/02 19:42:04.0592 4940 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/02 19:42:04.0623 4940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/02 19:42:04.0639 4940 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 19:42:04.0686 4940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/02 19:42:04.0701 4940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/02 19:42:04.0733 4940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 19:42:04.0748 4940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 19:42:04.0764 4940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/02 19:42:04.0779 4940 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 19:42:04.0811 4940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 19:42:04.0826 4940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 19:42:04.0842 4940 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 19:42:04.0857 4940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/02 19:42:04.0873 4940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 19:42:04.0904 4940 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 19:42:04.0920 4940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 19:42:04.0935 4940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/02 19:42:04.0951 4940 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 19:42:04.0982 4940 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/02 19:42:05.0013 4940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 19:42:05.0029 4940 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/02 19:42:05.0060 4940 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/02 19:42:05.0076 4940 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/02 19:42:05.0091 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 19:42:05.0123 4940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/02 19:42:05.0154 4940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/02 19:42:05.0169 4940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/02 19:42:05.0201 4940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/02 19:42:05.0232 4940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/02 19:42:05.0247 4940 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/02 19:42:05.0263 4940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/02 19:42:05.0294 4940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/02 19:42:05.0294 4940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/02 19:42:05.0325 4940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 19:42:05.0372 4940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/02 19:42:05.0435 4940 SRTSP (9a359fb3d10c9de23edc427ada8ac8be) C:\Windows\System32\Drivers\NISx64\1205000.07D\SRTSP64.SYS
2011/05/02 19:42:05.0466 4940 SRTSPX (a14a9aaa8005d411ef1657601f55776d) C:\Windows\system32\drivers\NISx64\1205000.07D\SRTSPX64.SYS
2011/05/02 19:42:05.0497 4940 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 19:42:05.0528 4940 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 19:42:05.0559 4940 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 19:42:05.0606 4940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/02 19:42:05.0622 4940 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/02 19:42:05.0653 4940 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/02 19:42:05.0669 4940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 19:42:05.0684 4940 SymDS (6d33d1669b3b6193658129d1767a4aff) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS
2011/05/02 19:42:05.0715 4940 SymEFA (9acc52c79420236dcb1ab1a17ed0df2e) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS
2011/05/02 19:42:05.0762 4940 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/02 19:42:05.0778 4940 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS
2011/05/02 19:42:05.0793 4940 SymNetS (af56ca02f9dc706709c0a7df5c1dab82) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS
2011/05/02 19:42:05.0871 4940 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 19:42:05.0934 4940 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 19:42:05.0965 4940 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 19:42:05.0996 4940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 19:42:06.0012 4940 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 19:42:06.0043 4940 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 19:42:06.0059 4940 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 19:42:06.0090 4940 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 19:42:06.0105 4940 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 19:42:06.0137 4940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/02 19:42:06.0152 4940 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 19:42:06.0183 4940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/02 19:42:06.0199 4940 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 19:42:06.0215 4940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/02 19:42:06.0261 4940 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/02 19:42:06.0293 4940 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/02 19:42:06.0308 4940 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 19:42:06.0324 4940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/02 19:42:06.0339 4940 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 19:42:06.0355 4940 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 19:42:06.0371 4940 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/02 19:42:06.0386 4940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/02 19:42:06.0417 4940 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/02 19:42:06.0433 4940 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 19:42:06.0558 4940 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/02 19:42:06.0558 4940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/02 19:42:06.0589 4940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 19:42:06.0605 4940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/02 19:42:06.0620 4940 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/02 19:42:06.0636 4940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/02 19:42:06.0651 4940 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/02 19:42:06.0667 4940 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/02 19:42:06.0683 4940 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/02 19:42:06.0714 4940 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 19:42:06.0729 4940 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/02 19:42:06.0761 4940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/02 19:42:06.0776 4940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/02 19:42:06.0792 4940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/02 19:42:06.0823 4940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/02 19:42:06.0854 4940 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 19:42:06.0854 4940 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 19:42:06.0885 4940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/02 19:42:06.0917 4940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 19:42:06.0948 4940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/02 19:42:06.0979 4940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/02 19:42:07.0026 4940 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/02 19:42:07.0057 4940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/02 19:42:07.0088 4940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 19:42:07.0119 4940 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/02 19:42:07.0135 4940 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 19:42:07.0182 4940 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/02 19:42:07.0322 4940 ================================================================================
2011/05/02 19:42:07.0322 4940 Scan finished
2011/05/02 19:42:07.0322 4940 ================================================================================
2011/05/02 19:41:49.0881 4988 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 19:41:50.0677 4988 ================================================================================
2011/05/02 19:41:50.0677 4988 SystemInfo:
2011/05/02 19:41:50.0677 4988
2011/05/02 19:41:50.0677 4988 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/02 19:41:50.0677 4988 Product type: Workstation
2011/05/02 19:41:50.0677 4988 ComputerName: BIGDRU
2011/05/02 19:41:50.0692 4988 UserName: user
2011/05/02 19:41:50.0692 4988 Windows directory: C:\Windows
2011/05/02 19:41:50.0692 4988 System windows directory: C:\Windows
2011/05/02 19:41:50.0692 4988 Running under WOW64
2011/05/02 19:41:50.0692 4988 Processor architecture: Intel x64
2011/05/02 19:41:50.0692 4988 Number of processors: 8
2011/05/02 19:41:50.0692 4988 Page size: 0x1000
2011/05/02 19:41:50.0692 4988 Boot type: Normal boot
2011/05/02 19:41:50.0692 4988 ================================================================================
2011/05/02 19:41:51.0722 4988 Initialize success
2011/05/02 19:41:58.0898 4940 ================================================================================
2011/05/02 19:41:58.0898 4940 Scan started
2011/05/02 19:41:58.0898 4940 Mode: Manual;
2011/05/02 19:41:58.0898 4940 ================================================================================
2011/05/02 19:41:59.0507 4940 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/02 19:41:59.0553 4940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/02 19:41:59.0569 4940 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/02 19:41:59.0616 4940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/02 19:41:59.0631 4940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/02 19:41:59.0663 4940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/02 19:41:59.0725 4940 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/02 19:41:59.0741 4940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/02 19:41:59.0772 4940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/02 19:41:59.0787 4940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/02 19:41:59.0819 4940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/02 19:41:59.0834 4940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/02 19:41:59.0881 4940 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/02 19:41:59.0912 4940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/02 19:41:59.0928 4940 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/02 19:41:59.0975 4940 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
2011/05/02 19:41:59.0990 4940 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/02 19:42:00.0068 4940 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/02 19:42:00.0084 4940 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/02 19:42:00.0099 4940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 19:42:00.0115 4940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/02 19:42:00.0162 4940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/02 19:42:00.0209 4940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/02 19:42:00.0224 4940 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/02 19:42:00.0443 4940 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys
2011/05/02 19:42:00.0474 4940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/02 19:42:00.0521 4940 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 19:42:00.0552 4940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/02 19:42:00.0567 4940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/02 19:42:00.0583 4940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/02 19:42:00.0599 4940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/02 19:42:00.0614 4940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/02 19:42:00.0614 4940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/02 19:42:00.0630 4940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/02 19:42:00.0677 4940 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 19:42:00.0708 4940 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/02 19:42:00.0739 4940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/02 19:42:00.0755 4940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/02 19:42:00.0801 4940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/02 19:42:00.0817 4940 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/02 19:42:00.0833 4940 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/02 19:42:00.0848 4940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/02 19:42:00.0879 4940 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/02 19:42:00.0895 4940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/02 19:42:00.0926 4940 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/02 19:42:00.0973 4940 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 19:42:00.0989 4940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/02 19:42:01.0004 4940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/02 19:42:01.0051 4940 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 19:42:01.0098 4940 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 19:42:01.0176 4940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/02 19:42:01.0238 4940 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/02 19:42:01.0301 4940 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/05/02 19:42:01.0332 4940 ElbyCDIO (65e0ec00c209d4f2618f8ff0dd4ea444) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/02 19:42:01.0347 4940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/02 19:42:01.0394 4940 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/02 19:42:01.0425 4940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/02 19:42:01.0472 4940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/02 19:42:01.0488 4940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 19:42:01.0503 4940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 19:42:01.0535 4940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 19:42:01.0550 4940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 19:42:01.0566 4940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 19:42:01.0581 4940 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 19:42:01.0613 4940 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/02 19:42:01.0628 4940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 19:42:01.0659 4940 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/02 19:42:01.0675 4940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/02 19:42:01.0706 4940 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/02 19:42:01.0753 4940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/02 19:42:01.0800 4940 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/02 19:42:01.0831 4940 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/02 19:42:01.0878 4940 hdsp (da3237b3cb5d9faf2a96833861ca2b29) C:\Windows\system32\drivers\hdsp_64.sys
2011/05/02 19:42:01.0893 4940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/02 19:42:01.0909 4940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/02 19:42:01.0925 4940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/02 19:42:01.0940 4940 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 19:42:01.0971 4940 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/02 19:42:02.0003 4940 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 19:42:02.0034 4940 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/02 19:42:02.0065 4940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/02 19:42:02.0096 4940 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/02 19:42:02.0252 4940 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSvia64.sys
2011/05/02 19:42:02.0268 4940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/02 19:42:02.0283 4940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/02 19:42:02.0299 4940 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 19:42:02.0330 4940 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 19:42:02.0346 4940 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/02 19:42:02.0361 4940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/02 19:42:02.0393 4940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/02 19:42:02.0408 4940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/02 19:42:02.0424 4940 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/02 19:42:02.0455 4940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 19:42:02.0471 4940 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 19:42:02.0502 4940 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 19:42:02.0533 4940 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/02 19:42:02.0549 4940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/02 19:42:02.0595 4940 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 19:42:02.0627 4940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/02 19:42:02.0642 4940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/02 19:42:02.0658 4940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/02 19:42:02.0673 4940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/02 19:42:02.0705 4940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/02 19:42:02.0720 4940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/02 19:42:02.0736 4940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/02 19:42:02.0767 4940 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/02 19:42:02.0783 4940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 19:42:02.0798 4940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 19:42:02.0814 4940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 19:42:02.0829 4940 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 19:42:02.0845 4940 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/02 19:42:02.0861 4940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 19:42:02.0892 4940 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 19:42:02.0907 4940 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 19:42:02.0939 4940 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 19:42:02.0970 4940 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 19:42:02.0985 4940 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/02 19:42:03.0001 4940 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/02 19:42:03.0048 4940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 19:42:03.0063 4940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/02 19:42:03.0079 4940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/02 19:42:03.0110 4940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 19:42:03.0126 4940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 19:42:03.0157 4940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 19:42:03.0173 4940 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 19:42:03.0188 4940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/02 19:42:03.0204 4940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 19:42:03.0219 4940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/02 19:42:03.0251 4940 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/02 19:42:03.0282 4940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/02 19:42:03.0313 4940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/02 19:42:03.0453 4940 NAVENG (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\ENG64.SYS
2011/05/02 19:42:03.0500 4940 NAVEX15 (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\EX64.SYS
2011/05/02 19:42:03.0547 4940 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/02 19:42:03.0578 4940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/02 19:42:03.0609 4940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/02 19:42:03.0625 4940 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/02 19:42:03.0641 4940 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/02 19:42:03.0672 4940 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 19:42:03.0687 4940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/02 19:42:03.0703 4940 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/02 19:42:03.0750 4940 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
2011/05/02 19:42:03.0781 4940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/02 19:42:03.0797 4940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 19:42:03.0828 4940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/02 19:42:03.0875 4940 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 19:42:03.0906 4940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/02 19:42:03.0921 4940 nusb3hub (a61b0af4d6b934928cfd1140deea5c8d) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/05/02 19:42:03.0953 4940 nusb3xhc (fa4b2f20561bdbcc6b9ac3e3bdcd7e3f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/05/02 19:42:03.0984 4940 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/02 19:42:04.0202 4940 nvlddmkm (cd0b2c7666e2a594127cbcceab7d0465) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/02 19:42:04.0311 4940 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/02 19:42:04.0343 4940 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/02 19:42:04.0374 4940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/02 19:42:04.0389 4940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/02 19:42:04.0421 4940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/02 19:42:04.0436 4940 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 19:42:04.0467 4940 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/02 19:42:04.0483 4940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/02 19:42:04.0499 4940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/02 19:42:04.0514 4940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/02 19:42:04.0530 4940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/02 19:42:04.0592 4940 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/02 19:42:04.0623 4940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/02 19:42:04.0639 4940 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 19:42:04.0686 4940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/02 19:42:04.0701 4940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/02 19:42:04.0733 4940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 19:42:04.0748 4940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 19:42:04.0764 4940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/02 19:42:04.0779 4940 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 19:42:04.0811 4940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 19:42:04.0826 4940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 19:42:04.0842 4940 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 19:42:04.0857 4940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/02 19:42:04.0873 4940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 19:42:04.0904 4940 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 19:42:04.0920 4940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 19:42:04.0935 4940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/02 19:42:04.0951 4940 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 19:42:04.0982 4940 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/02 19:42:05.0013 4940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 19:42:05.0029 4940 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/02 19:42:05.0060 4940 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/02 19:42:05.0076 4940 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/02 19:42:05.0091 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 19:42:05.0123 4940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/02 19:42:05.0154 4940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/02 19:42:05.0169 4940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/02 19:42:05.0201 4940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/02 19:42:05.0232 4940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/02 19:42:05.0247 4940 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/02 19:42:05.0263 4940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/02 19:42:05.0294 4940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/02 19:42:05.0294 4940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/02 19:42:05.0325 4940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 19:42:05.0372 4940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/02 19:42:05.0435 4940 SRTSP (9a359fb3d10c9de23edc427ada8ac8be) C:\Windows\System32\Drivers\NISx64\1205000.07D\SRTSP64.SYS
2011/05/02 19:42:05.0466 4940 SRTSPX (a14a9aaa8005d411ef1657601f55776d) C:\Windows\system32\drivers\NISx64\1205000.07D\SRTSPX64.SYS
2011/05/02 19:42:05.0497 4940 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 19:42:05.0528 4940 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 19:42:05.0559 4940 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 19:42:05.0606 4940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/02 19:42:05.0622 4940 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/02 19:42:05.0653 4940 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/02 19:42:05.0669 4940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 19:42:05.0684 4940 SymDS (6d33d1669b3b6193658129d1767a4aff) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS
2011/05/02 19:42:05.0715 4940 SymEFA (9acc52c79420236dcb1ab1a17ed0df2e) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS
2011/05/02 19:42:05.0762 4940 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/02 19:42:05.0778 4940 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS
2011/05/02 19:42:05.0793 4940 SymNetS (af56ca02f9dc706709c0a7df5c1dab82) C:\Windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS
2011/05/02 19:42:05.0871 4940 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 19:42:05.0934 4940 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 19:42:05.0965 4940 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 19:42:05.0996 4940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 19:42:06.0012 4940 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 19:42:06.0043 4940 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 19:42:06.0059 4940 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 19:42:06.0090 4940 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 19:42:06.0105 4940 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 19:42:06.0137 4940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/02 19:42:06.0152 4940 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 19:42:06.0183 4940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/02 19:42:06.0199 4940 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 19:42:06.0215 4940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/02 19:42:06.0261 4940 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/02 19:42:06.0293 4940 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/02 19:42:06.0308 4940 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 19:42:06.0324 4940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/02 19:42:06.0339 4940 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 19:42:06.0355 4940 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 19:42:06.0371 4940 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/02 19:42:06.0386 4940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/02 19:42:06.0417 4940 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/02 19:42:06.0433 4940 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 19:42:06.0558 4940 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/02 19:42:06.0558 4940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/02 19:42:06.0589 4940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 19:42:06.0605 4940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/02 19:42:06.0620 4940 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/02 19:42:06.0636 4940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/02 19:42:06.0651 4940 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/02 19:42:06.0667 4940 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/02 19:42:06.0683 4940 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/02 19:42:06.0714 4940 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 19:42:06.0729 4940 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/02 19:42:06.0761 4940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/02 19:42:06.0776 4940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/02 19:42:06.0792 4940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/02 19:42:06.0823 4940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/02 19:42:06.0854 4940 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 19:42:06.0854 4940 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 19:42:06.0885 4940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/02 19:42:06.0917 4940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 19:42:06.0948 4940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/02 19:42:06.0979 4940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/02 19:42:07.0026 4940 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/02 19:42:07.0057 4940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/02 19:42:07.0088 4940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 19:42:07.0119 4940 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/02 19:42:07.0135 4940 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 19:42:07.0182 4940 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/02 19:42:07.0322 4940 ================================================================================
2011/05/02 19:42:07.0322 4940 Scan finished
2011/05/02 19:42:07.0322 4940 ================================================================================
Yes when I started computer today. But I just opened Norton and clicked on the threat and found another button that said remove or quarantine threat. It popped up and said threat no longer detected.....so I am hoping it doesn't pop up again. Other than that Im assuming everything else looks clean?
Broni
Posts: 56,041 +516
Yes, but we'll run couple more checks to make sure...
Download OTL to your Desktop.
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
There wasn't an extras text file
OTL logfile created on: 5/2/2011 8:07:42 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 83.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 415.23 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1544.56 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive G: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32
Drive I: | 74.36 Gb Total Space | 5.04 Gb Free Space | 6.78% Space Free | Partition Type: FAT32
Computer Name: BIGDRU | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/04/30 22:16:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2010/04/07 04:20:00 | 006,837,648 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 04:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
========== Modules (SafeList) ==========
MOD - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/07/13 18:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 18:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 00:30:17 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 22:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/23 02:45:55 | 000,040,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/26 19:41:08 | 000,097,280 | ---- | M] (RME) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdsp_64.sys -- (hdsp)
DRV:64bit: - [2010/06/21 15:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/30 21:00:19 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\EX64.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/01/08 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/22 21:00:01 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z005&form=ZGAPHP
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C FA 6E 1A A9 56 CB 01 [binary data]
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z005&form=ZGAADF&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/10 18:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/10 00:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 22:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 12:03:46 | 000,000,000 | ---D | M]
[2010/09/22 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/04/30 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions
[2011/01/19 23:27:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\engine@conduit.com
[2010/12/11 20:03:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\vshareus@toolbar
[2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\bing-zugo.xml
[2011/03/20 16:24:25 | 000,000,863 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\conduit.xml
[2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\safesearch.xml
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/23 14:07:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/10 18:50:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA44SO43.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/04/30 22:16:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/23 14:13:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/23 16:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/23 13:36:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HDSPTray1] C:\Windows\SysNative\hdsp32.exe (RME)
O4:64bit: - HKLM..\Run: [HDSPTray2] C:\Windows\SysNative\hdspmix.exe ()
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/02 20:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/02 18:47:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/02 18:42:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/02 18:42:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/02 18:42:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 18:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/02 18:37:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/01 19:47:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/05/01 19:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebyte Anti-Malware
[2011/05/01 19:46:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/01 19:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2011/05/01 19:38:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/05/01 19:38:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/01 19:38:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/05/01 19:38:58 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 14:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/23 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/23 14:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/23 13:10:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/23 13:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
========== Files - Modified Within 30 Days ==========
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/02 19:55:51 | 002,874,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/02 19:55:51 | 000,865,550 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 19:55:51 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/02 19:24:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 19:24:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:41:25 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 18:41:25 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 18:36:54 | 000,039,605 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/02 18:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 18:34:01 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 20:11:08 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 22:16:30 | 000,002,052 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/04/23 13:36:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 12:54:44 | 001,263,721 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/04/16 09:23:55 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/07 21:52:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
========== Files Created - No Company Name ==========
[2011/05/02 19:19:49 | 001,006,778 | ---- | C] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:42:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/02 18:42:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/02 18:42:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/02 18:42:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/02 18:42:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/02 18:41:51 | 004,335,422 | R--- | C] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:53 | 000,039,605 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:03 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:53:57 | 000,301,568 | ---- | C] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 19:38:58 | 001,263,721 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/01 19:38:58 | 000,879,028 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/05/01 19:38:58 | 000,301,809 | ---- | C] () -- C:\Users\user\Desktop\JavaRa.def
[2011/05/01 19:38:58 | 000,080,384 | ---- | C] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 16:39:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/07 21:52:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2011/02/26 18:28:31 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 20:18:29 | 000,001,940 | ---- | C] () -- C:\Users\user\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/18 18:13:03 | 000,000,120 | ---- | C] () -- C:\Users\user\AppData\Local\Yludexexexivux.dat
[2010/10/18 18:13:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Bvugol.bin
[2010/09/28 22:24:58 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/09/22 21:30:51 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 15:23:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/17 15:22:59 | 000,024,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010/10/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cakewalk
[2011/05/02 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2010/11/15 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Megaupload
[2010/10/08 17:50:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Propellerhead Software
[2011/05/01 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/02/27 18:41:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/05/02 18:47:06 | 000,026,608 | ---- | M] () -- C:\ComboFix.txt
[2011/05/02 18:34:01 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 18:34:05 | 4285,652,990 | -HS- | M] () -- C:\pagefile.sys
[2011/05/02 19:42:20 | 000,068,108 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.05.2011_19.41.49_log.txt
< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/17 13:44:16 | 000,000,221 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2010/12/27 19:23:50 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/09/17 14:27:15 | 000,000,402 | -HS- | M] () -- C:\Users\user\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL logfile created on: 5/2/2011 8:07:42 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 83.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 415.23 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1544.56 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive G: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32
Drive I: | 74.36 Gb Total Space | 5.04 Gb Free Space | 6.78% Space Free | Partition Type: FAT32
Computer Name: BIGDRU | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/04/30 22:16:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2010/04/07 04:20:00 | 006,837,648 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 04:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
========== Modules (SafeList) ==========
MOD - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/07/13 18:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 18:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 00:30:17 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 22:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/23 02:45:55 | 000,040,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/26 19:41:08 | 000,097,280 | ---- | M] (RME) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdsp_64.sys -- (hdsp)
DRV:64bit: - [2010/06/21 15:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/30 21:00:19 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\EX64.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110502.018\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/01/08 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/22 21:00:01 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z005&form=ZGAPHP
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C FA 6E 1A A9 56 CB 01 [binary data]
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z005&form=ZGAADF&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/10 18:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/10 00:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 22:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 12:03:46 | 000,000,000 | ---D | M]
[2010/09/22 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/04/30 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions
[2011/01/19 23:27:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\engine@conduit.com
[2010/12/11 20:03:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\vshareus@toolbar
[2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\bing-zugo.xml
[2011/03/20 16:24:25 | 000,000,863 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\conduit.xml
[2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\safesearch.xml
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/23 14:07:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/10 18:50:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA44SO43.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/04/30 22:16:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/23 14:13:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/23 16:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/23 13:36:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HDSPTray1] C:\Windows\SysNative\hdsp32.exe (RME)
O4:64bit: - HKLM..\Run: [HDSPTray2] C:\Windows\SysNative\hdspmix.exe ()
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2696968603-565600004-306040373-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/02 20:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/02 18:47:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/02 18:42:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/02 18:42:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/02 18:42:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 18:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/02 18:37:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/01 19:47:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/05/01 19:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebyte Anti-Malware
[2011/05/01 19:46:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/01 19:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2011/05/01 19:38:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/05/01 19:38:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/01 19:38:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/05/01 19:38:58 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 14:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/23 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/23 14:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/23 13:10:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/23 13:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
========== Files - Modified Within 30 Days ==========
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/02 19:55:51 | 002,874,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/02 19:55:51 | 000,865,550 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 19:55:51 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/02 19:24:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 19:24:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:41:25 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 18:41:25 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 18:36:54 | 000,039,605 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/02 18:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 18:34:01 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 20:11:08 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 22:16:30 | 000,002,052 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/04/23 13:36:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 12:54:44 | 001,263,721 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/04/16 09:23:55 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/07 21:52:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
========== Files Created - No Company Name ==========
[2011/05/02 19:19:49 | 001,006,778 | ---- | C] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:42:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/02 18:42:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/02 18:42:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/02 18:42:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/02 18:42:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/02 18:41:51 | 004,335,422 | R--- | C] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:53 | 000,039,605 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:03 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:53:57 | 000,301,568 | ---- | C] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 19:38:58 | 001,263,721 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/01 19:38:58 | 000,879,028 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/05/01 19:38:58 | 000,301,809 | ---- | C] () -- C:\Users\user\Desktop\JavaRa.def
[2011/05/01 19:38:58 | 000,080,384 | ---- | C] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 16:39:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/07 21:52:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2011/02/26 18:28:31 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 20:18:29 | 000,001,940 | ---- | C] () -- C:\Users\user\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/18 18:13:03 | 000,000,120 | ---- | C] () -- C:\Users\user\AppData\Local\Yludexexexivux.dat
[2010/10/18 18:13:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Bvugol.bin
[2010/09/28 22:24:58 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/09/22 21:30:51 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 15:23:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/17 15:22:59 | 000,024,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010/10/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cakewalk
[2011/05/02 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2010/11/15 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Megaupload
[2010/10/08 17:50:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Propellerhead Software
[2011/05/01 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/02/27 18:41:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/05/02 18:47:06 | 000,026,608 | ---- | M] () -- C:\ComboFix.txt
[2011/05/02 18:34:01 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 18:34:05 | 4285,652,990 | -HS- | M] () -- C:\pagefile.sys
[2011/05/02 19:42:20 | 000,068,108 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.05.2011_19.41.49_log.txt
< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/17 13:44:16 | 000,000,221 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2010/12/27 19:23:50 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/09/17 14:27:15 | 000,000,402 | -HS- | M] () -- C:\Users\user\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Broni
Posts: 56,041 +516
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
======================================================================
Run OTL
=====================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
2. Download Temp File Cleaner (TFC)
3. Please run a free online scan with the ESET Online Scanner
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
======================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL [2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml [2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found :Commands [purity] [emptytemp] [emptyflash] [Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
=====================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
OTL logfile created on: 5/3/2011 7:59:58 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 84.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 418.45 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1544.55 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive G: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32
Computer Name: BIGDRU | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/04/30 22:16:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 05:08:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2011/01/26 22:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2010/04/07 04:20:00 | 006,837,648 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 04:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
========== Modules (SafeList) ==========
MOD - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 00:30:17 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 22:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/23 02:45:55 | 000,040,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/26 19:41:08 | 000,097,280 | ---- | M] (RME) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdsp_64.sys -- (hdsp)
DRV:64bit: - [2010/06/21 15:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/30 21:00:19 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.021\EX64.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.021\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110502.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/01/08 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/22 21:00:01 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z005&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C FA 6E 1A A9 56 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z005&form=ZGAADF&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/10 18:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/10 00:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 22:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 12:03:46 | 000,000,000 | ---D | M]
[2010/09/22 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/04/30 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions
[2011/01/19 23:27:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\engine@conduit.com
[2010/12/11 20:03:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\vshareus@toolbar
[2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\bing-zugo.xml
[2011/03/20 16:24:25 | 000,000,863 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\conduit.xml
[2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\safesearch.xml
[2011/05/03 19:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/23 14:07:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/03 19:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/10 18:50:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA44SO43.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/04/30 22:16:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/23 16:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/23 13:36:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HDSPTray1] C:\Windows\SysNative\hdsp32.exe (RME)
O4:64bit: - HKLM..\Run: [HDSPTray2] C:\Windows\SysNative\hdspmix.exe ()
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/03 19:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/05/02 20:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/02 18:47:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/02 18:42:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/02 18:42:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/02 18:42:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 18:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/02 18:37:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/01 19:47:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/05/01 19:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebyte Anti-Malware
[2011/05/01 19:46:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/01 19:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2011/05/01 19:38:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/05/01 19:38:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/01 19:38:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/05/01 19:38:58 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/23 14:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/23 13:10:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/23 13:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
========== Files - Modified Within 30 Days ==========
[2011/05/03 19:24:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 19:24:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 18:33:24 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:33:24 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:30:32 | 002,887,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/03 18:30:32 | 000,869,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/03 18:30:31 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/03 18:26:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 18:26:02 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:54 | 000,039,605 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:08 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 22:16:30 | 000,002,052 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/04/23 13:36:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 12:54:44 | 001,263,721 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/04/16 09:23:55 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/07 21:52:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
========== Files Created - No Company Name ==========
[2011/05/02 19:19:49 | 001,006,778 | ---- | C] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:42:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/02 18:42:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/02 18:42:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/02 18:42:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/02 18:42:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/02 18:41:51 | 004,335,422 | R--- | C] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:53 | 000,039,605 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:03 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:53:57 | 000,301,568 | ---- | C] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 19:38:58 | 001,263,721 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/01 19:38:58 | 000,879,028 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/05/01 19:38:58 | 000,301,809 | ---- | C] () -- C:\Users\user\Desktop\JavaRa.def
[2011/05/01 19:38:58 | 000,080,384 | ---- | C] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 16:39:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/07 21:52:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2011/02/26 18:28:31 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 20:18:29 | 000,001,940 | ---- | C] () -- C:\Users\user\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/18 18:13:03 | 000,000,120 | ---- | C] () -- C:\Users\user\AppData\Local\Yludexexexivux.dat
[2010/10/18 18:13:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Bvugol.bin
[2010/09/28 22:24:58 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/09/22 21:30:51 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 15:23:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/17 15:22:59 | 000,024,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010/10/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cakewalk
[2011/05/03 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2010/11/15 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Megaupload
[2010/10/08 17:50:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Propellerhead Software
[2011/05/01 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/02/27 18:41:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< [2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml >
Invalid Switch: 11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml
< [2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml >
Invalid Switch: 10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml
< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)
< O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< >
< :Commands >
< [purity] >
< [emptytemp] >
< [emptyflash] >
< [Reboot] >
< End of report >
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````
I ran TFC as well and ESET is scanning right now but nothing has been found so far
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 84.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 418.45 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1544.55 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive G: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32
Computer Name: BIGDRU | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/04/30 22:16:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 05:08:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2011/01/26 22:40:24 | 023,361,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2010/04/07 04:20:00 | 006,837,648 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 04:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe
========== Modules (SafeList) ==========
MOD - [2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/07/31 08:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/08 04:20:00 | 001,868,176 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 00:30:17 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 22:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/23 02:45:55 | 000,040,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/26 19:41:08 | 000,097,280 | ---- | M] (RME) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdsp_64.sys -- (hdsp)
DRV:64bit: - [2010/06/21 15:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/30 21:00:19 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.021\EX64.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110503.021\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110502.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/01/08 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/22 21:00:01 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/14 06:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z005&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C FA 6E 1A A9 56 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z005&form=ZGAADF&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/10 18:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/10 00:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 22:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 12:03:46 | 000,000,000 | ---D | M]
[2010/09/22 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/04/30 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions
[2011/01/19 23:27:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/23 14:14:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\engine@conduit.com
[2010/12/11 20:03:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\extensions\vshareus@toolbar
[2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\bing-zugo.xml
[2011/03/20 16:24:25 | 000,000,863 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\conduit.xml
[2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\searchplugins\safesearch.xml
[2011/05/03 19:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/23 14:07:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 14:13:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/03 19:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/10 18:50:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA44SO43.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/04/30 22:16:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/23 16:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/23 13:36:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HDSPTray1] C:\Windows\SysNative\hdsp32.exe (RME)
O4:64bit: - HKLM..\Run: [HDSPTray2] C:\Windows\SysNative\hdspmix.exe ()
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\SlySoft\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/03 19:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/05/02 20:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/02 18:47:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/02 18:42:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/02 18:42:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/02 18:42:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 18:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/02 18:37:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2011/05/01 19:47:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/05/01 19:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/01 19:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebyte Anti-Malware
[2011/05/01 19:46:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/01 19:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2011/05/01 19:38:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2011/05/01 19:38:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/01 19:38:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/05/01 19:38:58 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\user\Desktop\JavaRa.exe
[2011/04/23 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/23 14:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/23 13:10:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/23 13:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
========== Files - Modified Within 30 Days ==========
[2011/05/03 19:24:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 19:24:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 18:33:24 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:33:24 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:30:32 | 002,887,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/03 18:30:32 | 000,869,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/03 18:30:31 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/03 18:26:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 18:26:02 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 20:00:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/05/02 19:19:53 | 001,006,778 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:41:46 | 004,335,422 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:54 | 000,039,605 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:08 | 000,625,664 | ---- | M] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:54:03 | 000,301,568 | ---- | M] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 22:16:30 | 000,002,052 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 20:42:52 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/04/23 14:29:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2011/04/23 14:29:12 | 000,879,028 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/04/23 13:36:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 12:55:42 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 12:54:44 | 001,263,721 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/04/16 09:23:55 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/07 21:52:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
========== Files Created - No Company Name ==========
[2011/05/02 19:19:49 | 001,006,778 | ---- | C] () -- C:\Users\user\Desktop\rkill.exe
[2011/05/02 18:42:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/02 18:42:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/02 18:42:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/02 18:42:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/02 18:42:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/02 18:41:51 | 004,335,422 | R--- | C] () -- C:\Users\user\Desktop\ComboFix.exe
[2011/05/02 18:36:53 | 000,039,605 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.rar
[2011/05/01 20:11:03 | 000,625,664 | ---- | C] () -- C:\Users\user\Desktop\dds.scr
[2011/05/01 19:53:57 | 000,301,568 | ---- | C] () -- C:\Users\user\Desktop\fbf2usqd.exe
[2011/05/01 19:46:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 19:38:58 | 001,263,721 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/01 19:38:58 | 000,879,028 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2011/05/01 19:38:58 | 000,301,809 | ---- | C] () -- C:\Users\user\Desktop\JavaRa.def
[2011/05/01 19:38:58 | 000,080,384 | ---- | C] () -- C:\Users\user\Desktop\MBRCheck.exe
[2011/04/23 16:39:45 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/07 21:52:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2011/02/26 18:28:31 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 20:18:29 | 000,001,940 | ---- | C] () -- C:\Users\user\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/18 18:13:03 | 000,000,120 | ---- | C] () -- C:\Users\user\AppData\Local\Yludexexexivux.dat
[2010/10/18 18:13:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Bvugol.bin
[2010/09/28 22:24:58 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/09/22 21:30:51 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 15:23:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/17 15:22:59 | 000,024,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010/10/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cakewalk
[2011/05/03 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2010/11/15 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Megaupload
[2010/10/08 17:50:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Propellerhead Software
[2011/05/01 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/02/27 18:41:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< [2010/12/11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml >
Invalid Switch: 11 20:03:27 | 000,001,919 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml
< [2011/01/10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml >
Invalid Switch: 10 19:30:19 | 000,002,470 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml
< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)
< O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< >
< :Commands >
< [purity] >
< [emptytemp] >
< [emptyflash] >
< [Reboot] >
< End of report >
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````
I ran TFC as well and ESET is scanning right now but nothing has been found so far
Broni
Posts: 56,041 +516
OTL log is incorrect.
It looks like you clicked on "Scan" button, instead of "Fix" button.
Please, redo.
Update Adobe Reader
You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
It looks like you clicked on "Scan" button, instead of "Fix" button.
Please, redo.
Update Adobe Reader
You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
All processes killed
========== OTL ==========
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: user
->Temp folder emptied: 4505 bytes
->Temporary Internet Files folder emptied: 152625 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65711739 bytes
->Flash cache emptied: 1110 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_191834
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I updated Adobe as well.
========== OTL ==========
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\bing-zugo.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ka44so43.default\sea rchplugins\safesearch.xml not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: user
->Temp folder emptied: 4505 bytes
->Temporary Internet Files folder emptied: 152625 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65711739 bytes
->Flash cache emptied: 1110 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_191834
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I updated Adobe as well.
Broni
Posts: 56,041 +516
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
12. Please, let me know, how your computer is doing.
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
12. Please, let me know, how your computer is doing.
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: user
->Temp folder emptied: 5009 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35409564 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2019 bytes
Total Files Cleaned = 34.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_202003
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I also removed the tools using OTL and checked for windows updates.
THANK YOU for your help it is GREATLY appreciated. Long gone are the days when a firewall and antivirus were enough to keep your computer clean. Now I know I can keep my computer clean with these extra few tools.
I also made a donation to you and your service was worth TEN times that amount!
Thanks again!
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: user
->Temp folder emptied: 5009 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35409564 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2019 bytes
Total Files Cleaned = 34.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_202003
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I also removed the tools using OTL and checked for windows updates.
THANK YOU for your help it is GREATLY appreciated. Long gone are the days when a firewall and antivirus were enough to keep your computer clean. Now I know I can keep my computer clean with these extra few tools.
I also made a donation to you and your service was worth TEN times that amount!
Thanks again!
- Status
Similar threads
Latest posts
-
Worry your friends with this $9,420 flamethrower robot dog
- Tinderbox replied
-
Researchers have unlocked the "Holy Grail" of memory technology- DanteSmith replied
