Solved Search Engine Redirecting


LozzaLay

Hi,

When I tried to use Google the other day, I found that every time I clicked on a link I would be redirected to somewhere else. I tried sites that I had previously gone to, and I got redirected somewhere else.

I ran an MBAM scan, but it said that it found nothing. Here's the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/11/2010 8:21:53 PM
mbam-log-2010-11-11 (20-21-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 242031
Time elapsed: 1 hour(s), 50 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I've also tried a scan with a Spybot program and ESET, but they didn't pick up anything either. Can somebody please help me? I don't know what I should do.

Thanks
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it across a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 3: MBAM

Hey,

Thanks for the fast response. OK, I've started following the steps and here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/11/2010 5:10:02 PM
mbam-log-2010-11-12 (17-10-02).txt

Scan type: Quick scan
Objects scanned: 120655
Time elapsed: 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'll keep following the steps and post the other logs when they're done.
 
Reply 4: GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-13 00:14:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925082 rev.3.AA
Running: ti19lsjl.exe; Driver: C:\Users\Lauren\AppData\Local\Temp\axddikoc.sys


---- System - GMER 1.0.15 ----

SSDT 8FF99118 ZwAlertResumeThread
SSDT 87B22060 ZwAlertThread
SSDT 8FFB1110 ZwAllocateVirtualMemory
SSDT 87B817D8 ZwAlpcConnectPort
SSDT 908F9068 ZwAssignProcessToJobObject
SSDT 908F8448 ZwCreateMutant
SSDT 908FB0B8 ZwCreateSymbolicLinkObject
SSDT 91DFDC00 ZwCreateThread
SSDT 908E11A8 ZwDebugActiveProcess
SSDT 8FF50F00 ZwDuplicateObject
SSDT 8FFB4110 ZwFreeVirtualMemory
SSDT 908F1108 ZwImpersonateAnonymousToken
SSDT 908D3108 ZwImpersonateThread
SSDT 87B22028 ZwLoadDriver
SSDT 91FBDBD8 ZwMapViewOfSection
SSDT 8FFB8118 ZwOpenEvent
SSDT 908E6AD8 ZwOpenProcess
SSDT 908BF120 ZwOpenProcessToken
SSDT 8FF9E118 ZwOpenSection
SSDT 91FBD490 ZwOpenThread
SSDT 908FBB20 ZwProtectVirtualMemory
SSDT 91DECD58 ZwResumeThread
SSDT 8FFF0450 ZwSetContextThread
SSDT 908B9E00 ZwSetInformationProcess
SSDT 8FF3FCB0 ZwSetSystemInformation
SSDT 8FFBB678 ZwSuspendProcess
SSDT 8FF53F70 ZwSuspendThread
SSDT 8FE21DD8 ZwTerminateProcess
SSDT 91FFF710 ZwTerminateThread
SSDT 8FFE1D58 ZwUnmapViewOfSection
SSDT 8FFB3110 ZwWriteVirtualMemory
SSDT 908FB4D8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822EA880 8 Bytes [18, 91, F9, 8F, 60, 20, B2, ...] {SBB [ECX+0x20608ff9], DL; MOV DL, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 131 822EA894 4 Bytes [10, 11, FB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 13D 822EA8A0 4 Bytes [D8, 17, B8, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 822EA8F4 4 Bytes [68, 90, 8F, 90]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822EA958 4 Bytes [48, 84, 8F, 90]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E602340, 0x3D7A87, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3308] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7634B37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7394A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73928395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [738FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7397CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7391C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001167ccc5e7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef@0023d700293b 0x53 0x92 0x5B 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f484ef@00131771d3e5 0xD8 0xE3 0x1B 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001167ccc5e7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef@0023d700293b 0x53 0x92 0x5B 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1f484ef@00131771d3e5 0xD8 0xE3 0x1B 0xB1 ...

---- EOF - GMER 1.0.15 ----
 
Step 5: DDS

DDS (Ver_10-11-10.01) - NTFSx86
Run by Lauren at 0:19:13.76 on Sat 13/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1244 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\rundll32.exe
C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lauren\Program Files\DNA\btdna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\stuff\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jcu.edu.au/
mStart Page = hxxp://en.au.acer.yahoo.com
mDefault_Page_URL = hxxp://en.au.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON TX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiedp.exe /fu "c:\windows\temp\E_S29A0.tmp" /EF "HKCU"
uRun: [BitTorrent DNA] "c:\users\lauren\program files\dna\btdna.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [tuzwtuog] rundll32 "c:\windows\system32\trkwksz.dll",Xipgnwxyr
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://people.eku.edu/ritchisong/birdrespiration.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [eRecoveryService]
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\lauren\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-7-13 43184]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101111.001\IDSvix86.sys [2010-10-20 353840]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-15 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-7-13 3435008]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 PenCommService;Livescribe Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-10-18 457728]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-11 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-15 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-15 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-21 43552]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-3 48688]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-10 38224]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-5-24 20480]

=============== Created Last 30 ================

2010-11-11 08:22:29 -------- d-----r- c:\program files\Norton Support
2010-11-09 08:04:38 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{48b1c0b1-2fe5-4b04-bd7d-d2b03ee5fc13}\mpengine.dll
2010-11-07 07:44:36 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-30 02:19:42 -------- d-----w- c:\progra~2\Livescribe
2010-10-30 02:09:15 -------- d-----w- c:\users\lauren\appdata\roaming\Temp
2010-10-28 13:28:37 -------- d-----w- c:\users\lauren\appdata\local\Livescribe
2010-10-28 13:28:32 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-28 13:28:32 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-10-28 13:20:17 -------- d-----w- c:\program files\common files\Livescribe
2010-10-28 13:20:01 -------- d-----w- c:\progra~2\Livescribe, Inc
2010-10-28 13:16:21 -------- d-----w- c:\users\lauren\appdata\roaming\Downloaded Installations
2010-10-27 04:58:16 -------- d-----w- c:\program files\Lame for Audacity
2010-10-27 04:26:35 -------- d-----w- c:\users\lauren\appdata\roaming\FileOpen
2010-10-27 04:26:35 -------- d-----w- c:\progra~2\FileOpen
2010-10-27 04:26:06 -------- d-----w- c:\program files\FileOpen
2010-10-27 03:30:47 -------- d-----w- c:\program files\Audacity
2010-10-16 03:18:04 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-16 03:18:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 03:16:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-16 03:16:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-16 03:16:43 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-16 03:16:42 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-16 03:16:39 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-16 03:16:08 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 03:16:00 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-16 03:16:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-16 03:14:50 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 03:14:45 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-16 03:14:41 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-16 03:14:34 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-11-11 12:20:14 952 --sha-w- c:\progra~2\KGyGaAvL.sys
2010-10-19 01:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-14 18:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-10 07:39:54 14228264 ----a-w- c:\program files\iTunes.exe

============= FINISH: 0:20:13.13 ===============
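The DDS report above is a flat text log that a helper reads by eye. As an added example (not part of the thread, and not code from the DDS tool or its author), the script below parses lines in that same format and surfaces the entry types a malware-removal helper looks at first in a search-redirect case: an IE ProxyServer pointing at loopback, Run entries that launch rundll32 with a DLL and export name, files created under system32 with the system and hidden attributes set, processes running from a Temp directory, and any DLL that shows up both as a rundll32 autorun target and as a freshly created system+hidden file. The sample lines are copied from the log above, with a few benign neighbours kept for contrast; the checks are heuristics that only flag candidates, and deciding whether an entry is actually malicious remains the helper's judgement.

```python
"""Triage helper for DDS-style logs: flags the entries a malware-removal helper
looks at first in a search-redirect case. Added example; not part of DDS or the
forum thread. Heuristics only: it surfaces candidates for a human to judge."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the DDS report format. The lines are copied from the
# log above, with a couple of benign neighbours kept for contrast.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [tuzwtuog] rundll32 "c:\windows\system32\trkwksz.dll",Xipgnwxyr
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
2010-11-09 08:04:38 6146896 ----a-w- c:\progra~2\microsoft\windows defender\mpengine.dll
2010-11-07 07:44:36 109056 --sha-r- c:\windows\system32\trkwksz.dll
"""


@dataclass
class Finding:
    kind: str    # proxy | rundll32 | hidden_system_file | temp_process | correlated
    detail: str
    line: str    # the log line that produced the finding


PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>.+)$")
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# "Created Last 30" rows: date time size attrs path (size is "--------" for dirs)
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
# "Running Processes" rows: a full path to an .exe, optionally with arguments
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe(?:\s.*)?$", re.I)


def _is_loopback_proxy(value: str) -> bool:
    """ProxyServer is 'host:port' or 'proto=host:port;proto=host:port'."""
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]")
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:          # not a literal address, e.g. a hostname
            if host.lower() == "localhost":
                return True
    return False


def triage(log_text: str) -> list:
    findings = []
    autorun_dlls = {}   # lowercased dll path -> Run line that loads it
    hidden_sys = {}     # lowercased path -> creation line with s+h attributes
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            if _is_loopback_proxy(m["value"]):
                findings.append(Finding("proxy", "IE proxy points at loopback: " + m["value"], line))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r:
                dll = r["dll"].lower()
                autorun_dlls[dll] = line
                findings.append(Finding("rundll32", f"{m['name']} loads {dll} export {r['export']}", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"].lower()
            if "s" in attrs and "h" in attrs and "\\windows\\system32\\" in path:
                hidden_sys[path] = line
                findings.append(Finding("hidden_system_file",
                                        f"system+hidden file created under system32: {path} ({attrs})", line))
            continue
        if PROCESS_RE.match(line) and "\\temp\\" in line.lower():
            findings.append(Finding("temp_process", "process running from a Temp directory", line))
    # Cross-reference: an autorun rundll32 target that is also a new s+h file
    for dll in autorun_dlls.keys() & hidden_sys.keys():
        findings.append(Finding("correlated",
                                f"{dll} is both a rundll32 autorun target and a freshly created system+hidden file",
                                autorun_dlls[dll]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

The attribute check looks for the letters `s` and `h` anywhere in the eight-character DDS attribute field rather than at fixed positions, so it tolerates the directory and read-only variants seen in the log; the proxy check parses the `proto=host:port;...` form so a loopback entry is caught whichever protocol it is bound to.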
 
Step 5: DDS - Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13/07/2008 2:52:44 PM
System Uptime: 11/12/2010 8:40:59 PM (-692 hours ago)

Motherboard: Acer, Inc. | | Monserrat
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | U2E1 | 800/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 111 GiB total, 56.662 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 13.949 GiB free.
E: is FIXED (NTFS) - 111 GiB total, 74.135 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office system
AAC Decoder
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AuthenTec Fingerprint Sensor Minimum Install
AutoUpdate
Beatles Mad Day Screensaver
BitTorrent
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CCleaner
DC++ 0.7091
DivX Codec
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
EndNote X2
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON TX100 Series Printer Uninstall
FileOpen Client
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GearDrvs
H.264 Decoder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
InterVideo WinDVD 8
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 22
JMicron JMB38X Flash Media Controller
KIMI RÄIKKÖNEN Screen Saver
LAME v3.98.2 for Audacity
Launch Manager
LightScribe 1.4.142.1
Livescribe Desktop
Livescribe Desktop Documentation
Livescribe Desktop Print Your Own Paper
Livescribe Desktop Vision Objects Elements
Livescribe Smartpen Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
MKV Splitter
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Driver Package - Livescribe (PulseUsb) DigitalPen (07/22/2009 2.1.6.0)
Windows Driver Package - Livescribe (PulseUsb) DigitalPen (08/03/2010 2.2.6.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Yahoo! Toolbar

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: TravelMate 7730G
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 170):
0x8223E000 \SystemRoot\system32\ntkrnlpa.exe
0x8220B000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80479000 \SystemRoot\system32\PSHED.dll
0x8048A000 \SystemRoot\system32\BOOTVID.dll
0x80492000 \SystemRoot\system32\CLFS.SYS
0x804D3000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80677000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80685000 \SystemRoot\system32\drivers\acpi.sys
0x806CB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806DC000 \SystemRoot\system32\drivers\pci.sys
0x80703000 \SystemRoot\System32\drivers\partmgr.sys
0x80712000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80715000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8071F000 \SystemRoot\system32\drivers\volmgr.sys
0x8072E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80778000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x807B5000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A204000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A2D2000 \SystemRoot\system32\drivers\atapi.sys
0x8A2DA000 \SystemRoot\system32\drivers\ataport.SYS
0x8A2F8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A32A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A33A000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A343000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x8A392000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A404000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A475000 \SystemRoot\system32\drivers\ndis.sys
0x8A580000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5AB000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A607000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A953000 \SystemRoot\System32\Drivers\mup.sys
0x8A962000 \SystemRoot\System32\drivers\ecache.sys
0x8A989000 \SystemRoot\system32\drivers\disk.sys
0x8A99A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9DC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9E5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A9E9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E602000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8ED1C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EDBB000 \SystemRoot\System32\drivers\watchdog.sys
0x8EDC7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A39B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EDD2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F20C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F299000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8F2AD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8F404000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F78B000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8F7C2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F7D5000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F7DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F2D3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F7EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F7EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F302000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F7F7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F31A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F320000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F32F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F35E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F39F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F3AA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F3C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F3CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F3EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EDE1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A7DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A7EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807BD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A9F2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805B3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A5E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F800000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FA0E000 \SystemRoot\system32\drivers\portcls.sys
0x8FA3B000 \SystemRoot\system32\drivers\drmk.sys
0x8FA60000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FA9E000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FC05000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FCBA000 \SystemRoot\system32\drivers\modem.sys
0x8FCC7000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8FCD5000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0x8FCF8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FD0F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FD30000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FD39000 \SystemRoot\System32\Drivers\Null.SYS
0x8FD40000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FD47000 \SystemRoot\System32\drivers\vga.sys
0x8FD53000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FD74000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FD7C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FD84000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FD8F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FD9D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FDA6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FDBC000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x8FBA1000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8FDF0000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x8FBC6000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x8FBDB000 \SystemRoot\system32\DRIVERS\smb.sys
0x90E09000 \SystemRoot\system32\drivers\afd.sys
0x90E51000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90E83000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90E99000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x90EA2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90EB0000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x90EB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90EC9000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x90ED3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F0F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F19000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101111.001\IDSvix86.sys
0x90F74000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x90FD2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8A3D9000 \SystemRoot\System32\Drivers\dfsc.sys
0x91A02000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x91A7D000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x91ABF000 \SystemRoot\system32\DRIVERS\udfs.sys
0x91AFA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91B07000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9C270000 \SystemRoot\System32\win32k.sys
0x91BD5000 \SystemRoot\System32\drivers\Dxapi.sys
0x91BDF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9C490000 \SystemRoot\System32\TSDDD.dll
0x8A70C000 \SystemRoot\system32\drivers\luafv.sys
0x9C4B0000 \SystemRoot\System32\cdd.dll
0x8A727000 \SystemRoot\system32\drivers\spsys.sys
0x91BEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA0808000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA0832000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA083C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA084F000 \SystemRoot\system32\drivers\HTTP.sys
0xA08BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA08D9000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA08F2000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0907000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0928000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0947000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0980000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0998000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2202000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2250000 \??\C:\Windows\system32\drivers\int15.sys
0xA2261000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2265000 \SystemRoot\system32\drivers\peauth.sys
0xA2343000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA234C000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA235E000 \SystemRoot\system32\drivers\regi.sys
0xA2360000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA236A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2376000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA237E000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xAA364000 \??\C:\Users\Lauren\AppData\Local\Temp\axddikoc.sys
0xAA3C0000 \??\C:\Users\Lauren\AppData\Local\Temp\mbr.sys
0xAA200000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101112.002\NAVEX15.SYS
0xAA34E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101112.002\NAVENG.SYS
0xAA3DB000 \SystemRoot\system32\DRIVERS\sscdwh.sys
0xAA3F8000 \SystemRoot\system32\DRIVERS\sscdcm.sys
0xA23D1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x778A0000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
552 csrss.exe
604 C:\Windows\System32\wininit.exe
612 csrss.exe
648 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
884 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1116 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\SLsvc.exe
1180 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\winlogon.exe
1360 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\rundll32.exe
1620 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
1788 C:\Windows\System32\spoolsv.exe
1828 C:\Windows\System32\svchost.exe
2000 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2028 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
124 C:\Program Files\Bonjour\mDNSResponder.exe
228 C:\Windows\System32\svchost.exe
300 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
348 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
676 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1172 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
596 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
1868 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1916 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
280 C:\ACER\Mobility Center\MobilityService.exe
2084 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2140 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2160 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2236 C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
2292 C:\Windows\System32\svchost.exe
2360 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
2412 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2440 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2464 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2548 C:\Windows\System32\SearchIndexer.exe
2584 C:\Windows\System32\drivers\XAudio.exe
2748 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3112 unsecapp.exe
3120 WmiPrvSE.exe
3144 dllhost.exe
3472 C:\Windows\System32\svchost.exe
3844 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2884 C:\Windows\System32\taskeng.exe
1196 C:\Windows\System32\dwm.exe
3308 C:\Windows\explorer.exe
452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1400 C:\Windows\RtHDVCpl.exe
1680 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3696 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3692 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
520 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2172 C:\Windows\PLFSetI.exe
4388 C:\Windows\System32\rundll32.exe
4412 C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
4420 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
4456 C:\Program Files\iTunes\iTunesHelper.exe
4472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4484 C:\Program Files\Windows Sidebar\sidebar.exe
4560 C:\Program Files\Windows Sidebar\sidebar.exe
4776 C:\Users\Lauren\Program Files\DNA\btdna.exe
4832 C:\Windows\System32\wbem\unsecapp.exe
4880 C:\Windows\System32\rundll32.exe
4932 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
5032 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
5228 C:\Program Files\iPod\bin\iPodService.exe
1204 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4188 C:\Program Files\Windows Mail\WinMail.exe
5928 C:\Windows\System32\taskeng.exe
4960 C:\Windows\System32\mobsync.exe
2200 taskeng.exe
2888 C:\Windows\System32\VSSVC.exe
3832 C:\Windows\System32\svchost.exe
5884 C:\Windows\System32\SearchProtocolHost.exe
3244 C:\Windows\System32\SearchFilterHost.exe
6032 dllhost.exe
1068 dllhost.exe
4536 E:\stuff\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001e`5c500000 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA
PhysicalDrive1 Model Number: ST9250827AS, Rev: 3.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 32C70BE973F8E85AEDC1594C905FB8D402DF20D6
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
That looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix

ComboFix 10-11-12.01 - Lauren 13/11/2010 13:13:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1147 [GMT 10:00]
Running from: e:\stuff\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 03:27 . 2010-11-13 03:33 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-11-13 03:27 . 2010-11-13 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"tuzwtuog"="c:\windows\system32\trkwksz.dll" [2010-11-07 109056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2008-04-21 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jcu.edu.au/
mStart Page = hxxp://en.au.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 13:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3908)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\NLSData0009.dll
c:\windows\System32\SyncCenter.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-11-13 13:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-13 03:39

Pre-Run: 60,728,655,872 bytes free
Post-Run: 60,372,389,888 bytes free

- - End Of File - - 358B4CF86461F6877D82AA42C6C58AD4
 
Running from: e:\stuff\ComboFix.exe
My instructions CLEARLY say to run Combofix from the desktop.
Please, move Combofix to the appropriate location.

========================================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\trkwksz.dll
c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62

DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tuzwtuog"=-


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
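The CFScript above targets three artefacts from the log: the per-user ProxyServer pointing at 127.0.0.1:5555 (a proxy on the victim's own machine is what turned every search click into a redirect), the hidden+system trkwksz.dll in System32, and the stray "tuzwtuog" value in the HKCU Run key. The following read-only audit is an added PowerShell example, not part of the thread or of ComboFix; the function names are mine, and it assumes Windows PowerShell 5.1 or later on the machine being checked. It reports, it does not remove.

```powershell
# Added example (not from the thread): read-only audit of the indicators the CFScript
# removes. Assumes Windows PowerShell 5.1 or later; nothing on the machine is modified.

function Get-LoopbackProxyEntries {
    # WinINET stores ProxyServer either as "host:port" (all protocols) or as a
    # ';'-separated list of "protocol=host:port" pairs, e.g. "http=127.0.0.1:5555".
    # Returns the entries that point back at the local machine.
    param([string]$ProxyServer)

    $hits = @()
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }

        $protocol = 'all'; $endpoint = $entry
        if ($entry -match '^(\w+)=(.+)$') { $protocol = $Matches[1]; $endpoint = $Matches[2] }

        # Separate host from the optional port; bracketed IPv6 literals keep their colons.
        if     ($endpoint -match '^\[(.+)\](?::\d+)?$') { $hostPart = $Matches[1] }
        elseif ($endpoint -match '^([^:]+)(?::\d+)?$')  { $hostPart = $Matches[1] }
        else                                            { $hostPart = $endpoint }  # bare IPv6, no port

        $hostPart = $hostPart.ToLowerInvariant()
        if ($hostPart -eq 'localhost' -or $hostPart -eq '::1' -or $hostPart -like '127.*') {
            $hits += [pscustomobject]@{ Protocol = $protocol; Endpoint = $endpoint }
        }
    }
    return $hits
}

function Resolve-RunTarget {
    # Best-effort extraction of the executable path from a Run-key command string.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if (-not $cmd) { return $null }                           # empty value
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }      # quoted path, maybe with arguments
    if (Test-Path -LiteralPath $cmd) { return $cmd }          # unquoted path without arguments
    return ($cmd -split '\s+')[0]                             # unquoted path with arguments
}

function Test-ProxyRedirectIndicators {
    $findings = @()

    # 1. Per-user WinINET proxy (the two DDS:: lines in the script).
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyServer) {
        foreach ($hit in Get-LoopbackProxyEntries -ProxyServer $inet.ProxyServer) {
            $findings += "Loopback proxy for '$($hit.Protocol)' traffic: $($hit.Endpoint) " +
                         "(ProxyEnable=$($inet.ProxyEnable), ProxyOverride='$($inet.ProxyOverride)')"
        }
    }

    # 2. Per-user Run key (the Registry:: section): flag values whose target cannot be
    #    found on disk or on PATH, and values that launch a hidden+system file.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        $values = $run.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
        foreach ($v in $values) {
            $target = Resolve-RunTarget -Command ([string]$v.Value)
            if (-not $target) { $findings += "Run value '$($v.Name)' has an empty command"; continue }
            $onDisk = Test-Path -LiteralPath $target
            $onPath = [bool](Get-Command $target -ErrorAction SilentlyContinue)
            if (-not $onDisk -and -not $onPath) {
                $findings += "Run value '$($v.Name)' points to a missing target: $($v.Value)"
            } elseif ($onDisk) {
                $attr = (Get-Item -LiteralPath $target -Force).Attributes
                if ($attr.HasFlag([IO.FileAttributes]::Hidden) -and $attr.HasFlag([IO.FileAttributes]::System)) {
                    $findings += "Run value '$($v.Name)' launches a hidden+system file: $target"
                }
            }
        }
    }

    # 3. DLLs in System32 carrying the hidden+system attribute pair the infected
    #    trkwksz.dll showed as --sha-r-. Legitimate DLLs there are normally not hidden.
    $sys32 = Join-Path $env:SystemRoot 'System32'
    Get-ChildItem -LiteralPath $sys32 -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
                       $_.Attributes.HasFlag([IO.FileAttributes]::System) } |
        ForEach-Object { $findings += "Hidden+System DLL in System32: $($_.FullName) ($($_.Length) bytes, created $($_.CreationTime))" }

    return $findings
}

# Parser check against the exact value ComboFix reported in this thread.
Get-LoopbackProxyEntries -ProxyServer 'http=127.0.0.1:5555' | Format-Table -AutoSize

# Live audit; prints nothing when none of the three indicators is present.
Test-ProxyRedirectIndicators
```

Run it from an elevated prompt so System32 and the user's hive are fully readable; any finding is a lead to verify, not proof of infection on its own.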
 
Combo Fix

ComboFix 10-11-12.01 - Lauren 14/11/2010 10:51:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1774 [GMT 10:00]
Running from: C:\Users\Lauren\Desktop\ComboFix.exe
Command switches used :: C:\Users\Lauren\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\trkwksz.dll"
"c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62"
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 01:04:07 . 2010-11-14 01:04:17 -------- d-----w- C:\Users\Lauren\AppData\Local\temp
2010-11-14 01:04:07 . 2010-11-14 01:04:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-11-13 00:49:44 . 2010-10-07 23:21:31 6146896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
2010-11-11 08:22:29 . 2010-11-11 08:22:30 -------- d-----r- C:\Program Files\Norton Support
2010-11-11 06:33:15 . 2010-11-11 06:33:15 -------- d-----w- C:\Program Files\Common Files\Java
2010-11-07 07:44:36 . 2010-11-07 07:44:36 109056 --sha-r- C:\Windows\system32\trkwksz.dll
2010-10-30 02:19:42 . 2010-10-30 02:19:42 -------- d-----w- C:\ProgramData\Livescribe
2010-10-28 13:28:37 . 2010-10-28 13:32:12 -------- d-----w- C:\Users\Lauren\AppData\Local\Livescribe
2010-10-28 13:28:32 . 2009-07-14 17:45:07 445008 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2010-10-28 13:28:32 . 2009-07-14 17:45:07 38480 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2010-10-28 13:20:17 . 2010-10-30 02:19:41 -------- d-----w- C:\Program Files\Common Files\Livescribe
2010-10-28 13:16:21 . 2010-10-28 13:16:21 -------- d-----w- C:\Users\Lauren\AppData\Roaming\Downloaded Installations
2010-10-27 04:58:16 . 2010-10-27 04:58:16 -------- d-----w- C:\Program Files\Lame for Audacity
2010-10-27 04:26:35 . 2010-10-27 04:26:40 -------- d-----w- C:\Users\Lauren\AppData\Roaming\FileOpen
2010-10-27 04:26:35 . 2010-10-27 04:26:35 -------- d-----w- C:\ProgramData\FileOpen
2010-10-27 04:26:06 . 2010-10-27 04:26:06 -------- d-----w- C:\Program Files\FileOpen
2010-10-27 03:30:47 . 2010-10-27 03:30:49 -------- d-----w- C:\Program Files\Audacity
2010-10-27 03:26:23 . 2010-10-27 03:26:23 -------- d-----w- C:\Users\Lauren\AppData\Roaming\Syntrillium
2010-10-16 03:18:04 . 2010-09-13 13:56:02 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-16 03:18:02 . 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2010-10-16 03:16:46 . 2010-09-06 16:20:29 125952 ----a-w- C:\Windows\system32\srvsvc.dll
2010-10-16 03:16:44 . 2010-09-06 13:45:19 102400 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2010-10-16 03:16:43 . 2010-09-06 13:45:38 304128 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-10-16 03:16:42 . 2010-09-06 13:45:22 145408 ----a-w- C:\Windows\system32\drivers\srv2.sys
2010-10-16 03:16:39 . 2010-09-06 16:19:06 17920 ----a-w- C:\Windows\system32\netevent.dll
2010-10-16 03:16:08 . 2010-08-10 15:53:15 274944 ----a-w- C:\Windows\system32\schannel.dll
2010-10-16 03:16:00 . 2010-06-28 17:00:21 1316864 ----a-w- C:\Windows\system32\ole32.dll
2010-10-16 03:16:00 . 2010-06-28 14:54:38 339968 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-16 03:14:50 . 2010-08-31 13:27:38 2038272 ----a-w- C:\Windows\system32\win32k.sys
2010-10-16 03:14:45 . 2010-05-04 19:13:07 231424 ----a-w- C:\Windows\system32\msshsq.dll
2010-10-16 03:14:41 . 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\system32\wmpmde.dll
2010-10-16 03:14:34 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:20:14 . 2009-05-11 06:30:34 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-10-19 01:41:44 . 2010-02-21 16:40:44 222080 ------w- C:\Windows\system32\MpSigStub.exe
2010-10-04 10:07:35 . 2010-10-04 10:07:28 9524240 ----a-w- C:\Users\Public\LDWin_Update_17_29661.exe
2010-09-14 18:50:37 . 2010-05-31 01:29:45 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2010-09-08 01:17:46 . 2010-09-08 01:17:46 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2010-09-08 01:17:46 . 2010-09-08 01:17:46 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2010-08-17 14:11:37 . 2010-09-15 01:47:06 128000 ----a-w- C:\Windows\system32\spoolsv.exe
2008-09-10 07:39:54 . 2009-02-12 22:08:43 14228264 ----a-w- C:\Program Files\iTunes.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"BitTorrent DNA"="C:\Users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 09:19:04 323392]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 01:02:04 2356088]
 
ComboFix 10-11-12.01 - Lauren 14/11/2010 12:53:57.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1832 [GMT 10:00]
Running from: c:\users\Lauren\Desktop\ComboFix.exe
Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\trkwksz.dll"
"c:\windows\TEMP\TMP0000003FA9E098AC53B9EC62"
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 03:06 . 2010-11-14 03:06 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-11-14 03:06 . 2010-11-14 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2008-04-21 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jcu.edu.au/
mStart Page = hxxp://en.au.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 13:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4924)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\System32\NLSLexicons0009.dll
.
Completion time: 2010-11-14 13:10:17
ComboFix-quarantined-files.txt 2010-11-14 03:10
ComboFix2.txt 2010-11-13 03:39

Pre-Run: 63,457,038,336 bytes free
Post-Run: 63,233,892,352 bytes free

- - End Of File - - 95ECAED50634EC6978CDABC925A0E636
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\trkwksz.dll


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-11-12.01 - Lauren 14/11/2010 14:30:54.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1791 [GMT 10:00]
Running from: c:\users\Lauren\Desktop\ComboFix.exe
Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\trkwksz.dll"
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 04:44 . 2010-11-14 04:44 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-11-14 04:44 . 2010-11-14 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-13 00:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE729071-7A95-484F-BE06-6D5B09AF76FB}\mpengine.dll
2010-11-11 08:22 . 2010-11-11 08:22 -------- d-----r- c:\program files\Norton Support
2010-11-11 06:33 . 2010-11-11 06:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 07:44 . 2010-11-07 07:44 109056 --sha-r- c:\windows\system32\trkwksz.dll
2010-10-30 02:19 . 2010-10-30 02:19 -------- d-----w- c:\programdata\Livescribe
2010-10-28 13:28 . 2010-10-28 13:32 -------- d-----w- c:\users\Lauren\AppData\Local\Livescribe
2010-10-28 13:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-28 13:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-10-28 13:20 . 2010-10-30 02:19 -------- d-----w- c:\program files\Common Files\Livescribe
2010-10-28 13:16 . 2010-10-28 13:16 -------- d-----w- c:\users\Lauren\AppData\Roaming\Downloaded Installations
2010-10-27 04:58 . 2010-10-27 04:58 -------- d-----w- c:\program files\Lame for Audacity
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\programdata\FileOpen
2010-10-27 04:26 . 2010-10-27 04:26 -------- d-----w- c:\program files\FileOpen
2010-10-27 03:30 . 2010-10-27 03:30 -------- d-----w- c:\program files\Audacity
2010-10-27 03:26 . 2010-10-27 03:26 -------- d-----w- c:\users\Lauren\AppData\Roaming\Syntrillium
2010-10-16 03:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-16 03:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 03:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-16 03:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-16 03:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-16 03:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-16 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-16 03:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 03:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-16 03:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-16 03:14 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 03:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-16 03:14 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-16 03:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:20 . 2009-05-11 06:30 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 01:41 . 2010-02-21 16:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-04 10:07 . 2010-10-04 10:07 9524240 ----a-w- c:\users\Public\LDWin_Update_17_29661.exe
2010-09-14 18:50 . 2010-05-31 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 01:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-09-10 07:39 . 2009-02-12 22:08 14228264 ----a-w- c:\program files\iTunes.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\users\Lauren\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-21 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-08 858632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-13 3625984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2008-04-21 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-13 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-13 05:08 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-13 3435008]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-05-23 20480]
R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [x]
R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-13 43184]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F5CCD73-BC79-44E7-A722-80D8A7E7FA7C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jcu.edu.au/
mStart Page = hxxp://en.au.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 14:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2512)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\System32\NLSData0009.dll
.
Completion time: 2010-11-14 14:47:38
ComboFix-quarantined-files.txt 2010-11-14 04:47
ComboFix2.txt 2010-11-14 03:10
ComboFix3.txt 2010-11-13 03:39

Pre-Run: 63,361,454,080 bytes free
Post-Run: 63,332,827,136 bytes free

- - End Of File - - 30178DC94BBE94C512468DC0D283BCC1
 
For some reason, we can't get rid of that stubborn file.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller log

2010/11/15 11:53:00.0605 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 11:53:00.0605 ================================================================================
2010/11/15 11:53:00.0605 SystemInfo:
2010/11/15 11:53:00.0605
2010/11/15 11:53:00.0605 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/15 11:53:00.0605 Product type: Workstation
2010/11/15 11:53:00.0605 ComputerName: LAURENS-LAPTOP
2010/11/15 11:53:00.0605 UserName: Lauren
2010/11/15 11:53:00.0605 Windows directory: C:\Windows
2010/11/15 11:53:00.0605 System windows directory: C:\Windows
2010/11/15 11:53:00.0605 Processor architecture: Intel x86
2010/11/15 11:53:00.0605 Number of processors: 2
2010/11/15 11:53:00.0605 Page size: 0x1000
2010/11/15 11:53:00.0605 Boot type: Normal boot
2010/11/15 11:53:00.0605 ================================================================================
2010/11/15 11:53:01.0978 Initialize success
2010/11/15 11:53:04.0911 ================================================================================
2010/11/15 11:53:04.0911 Scan started
2010/11/15 11:53:04.0911 Mode: Manual;
2010/11/15 11:53:04.0911 ================================================================================
2010/11/15 11:53:40.0058 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/15 11:53:40.0136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/15 11:53:40.0214 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/15 11:53:40.0401 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/11/15 11:53:40.0541 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/15 11:53:40.0635 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/15 11:53:40.0728 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/15 11:53:40.0838 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/15 11:53:40.0931 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/15 11:53:41.0087 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/15 11:53:41.0212 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/15 11:53:41.0337 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/15 11:53:41.0430 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/15 11:53:41.0571 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/15 11:53:41.0742 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/15 11:53:41.0820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/15 11:53:41.0914 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/15 11:53:42.0039 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/15 11:53:42.0164 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/15 11:53:42.0257 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/15 11:53:42.0398 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/15 11:53:42.0507 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/15 11:53:42.0647 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/15 11:53:42.0741 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/15 11:53:42.0897 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/15 11:53:42.0975 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/15 11:53:43.0100 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/15 11:53:43.0224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/15 11:53:43.0474 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/11/15 11:53:43.0661 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/15 11:53:43.0880 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/15 11:53:44.0004 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/15 11:53:44.0192 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/15 11:53:44.0379 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/11/15 11:53:45.0190 ================================================================================
2010/11/15 11:53:45.0190 Scan finished
2010/11/15 11:53:45.0190 ================================================================================
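The driver listing above is the part of such a log an analyst actually reads, and it helps to have it in a structured form. The following is an added example, not part of the thread and not TDSSKiller's own code: it parses lines of the shape `<timestamp> <service> (<md5>) <path>`, reports hashes that appear under more than one service name (normally two services bound to the same file, such as Tcpip/Tcpip6 or Wanarp/Wanarpv6 above), and flags drivers loaded from outside the standard driver directory. The "expected directory" rule is an assumption of this example, not something the tool enforces, and the `examplesvc` line in the sample is constructed, hash and path included.

```python
"""Triage helper for a TDSSKiller-style driver listing.

Added example, not part of the thread and not TDSSKiller's own code. The
'expected directory' rule below is an assumption for this example; a driver
outside it is a lead for the analyst, not a verdict.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: drivers normally live under system32\drivers (vendor subfolders included).
EXPECTED_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)

# Five lines copied from the log above plus one constructed line (examplesvc,
# its all-zero hash and its path are made up to exercise the outlier check).
SAMPLE_LOG = """\
2010/11/15 11:53:38.0326 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/11/15 11:53:38.0482 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2010/11/15 11:53:37.0718 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\\Windows\\System32\\Drivers\\N360\\0308000.029\\SYMTDI.SYS
2010/11/15 11:53:42.0897 Wanarp (55201897378cca7af8b5efd874374a26) C:\\Windows\\system32\\DRIVERS\\wanarp.sys
2010/11/15 11:53:42.0975 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\\Windows\\system32\\DRIVERS\\wanarp.sys
2010/11/15 11:53:44.0500 examplesvc (00000000000000000000000000000000) C:\\Users\\Public\\examplesvc.sys
2010/11/15 11:53:45.0190 ================================================================================
2010/11/15 11:53:45.0190 Scan finished
"""


def parse_log(text):
    """Return one dict per driver line; separator and status lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append(m.groupdict())
    return entries


def shared_hashes(entries):
    """Map each MD5 that appears under more than one service name to those names."""
    names_by_md5 = defaultdict(set)
    for e in entries:
        names_by_md5[e["md5"].lower()].add(e["name"])
    return {md5: sorted(names) for md5, names in names_by_md5.items() if len(names) > 1}


def find_outliers(entries):
    """Drivers whose file is not under the expected driver directory."""
    return [e for e in entries if not EXPECTED_DIR_RE.match(e["path"])]


def triage(text):
    """Convenience wrapper: (entry count, shared-hash map, names of outliers)."""
    entries = parse_log(text)
    return len(entries), shared_hashes(entries), [e["name"] for e in find_outliers(entries)]


if __name__ == "__main__":
    count, shared, outliers = triage(SAMPLE_LOG)
    print(f"{count} drivers parsed")
    for md5, names in shared.items():
        print(f"shared {md5}: {', '.join(names)}")
    print("outside expected directory:", ", ".join(outliers) or "none")
```

On the sample, the two shared hashes are the harmless Tcpip/Tcpip6 and Wanarp/Wanarpv6 pairs, and only the constructed `examplesvc` entry is reported as living outside the driver directory. On a real log the next step is to compare the hashes of anything flagged against the vendor's known-good values rather than to act on the path alone.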
 
OK. Nothing there...

Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select Extract All...
- Follow the prompts and extract the avenger folder to your desktop

Double click on avenger.exe.
Click OK in the pop-up window.

The Avenger window will open.

Click on the Execute button.
Click OK in two consecutive pop-up windows.

Your computer will re-boot now.

Upon re-boot, a Notepad window will open.
Select all text, copy it, and paste it into your next reply.

NOTE: If the log doesn't open on reboot, open Avenger again and go to File > Open Log File.
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
 
1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:
Drivers to delete:

Files to delete:
c:\windows\system32\trkwksz.dll

Folders to delete:

Registry Keys to delete:

Registry values to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools


2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

* Right click on the window under Input script here:, and select Paste.
* You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
* Click on Execute
* Answer "Yes" twice when prompted.


3. The Avenger will automatically do the following:

* It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.
 
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Tue Nov 16 11:59:46 2010

11:59:31: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\trkwksz.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
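The script format given two posts up and the pre-processor error just above fit together: the tool accepted the file deletion but skipped the registry line because it was written against HKEY_CURRENT_USER. The following is an added example, not part of the thread and not The Avenger's own parser: a checker that reads a script in that format (section headers, one entry per line, registry values written as `key | value`) and reports, before anything is executed, every line the pre-processor would skip. The HKLM-only rule is taken from the log above; the absolute-path and protected-directory checks on file and folder entries are extra guards I added, and the `HKLM` abbreviation being accepted is an assumption.

```python
"""Check an Avenger-style removal script before it is executed.

Added example; my own reconstruction of the script format shown in the
thread, not The Avenger's own parser. The HKLM-only rule mirrors the
pre-processor error in the log above; the path checks are added guards.
"""
import re

SECTION_HEADERS = {
    "Drivers to delete:": "drivers",
    "Files to delete:": "files",
    "Folders to delete:": "folders",
    "Registry Keys to delete:": "reg_keys",
    "Registry values to delete:": "reg_values",
}

# The log above shows HKEY_CURRENT_USER rejected; accepting "HKLM" is an assumption.
ALLOWED_HIVES = {"HKEY_LOCAL_MACHINE", "HKLM"}

# Absolute Windows path with a drive letter, e.g. c:\windows\system32\x.dll
ABS_PATH_RE = re.compile(r"^[a-zA-Z]:\\.+")

# Whole-system directories a script must never list for deletion (added guard).
PROTECTED_DIR_RE = re.compile(r"^[a-zA-Z]:\\(windows(\\system32)?)?\\?$", re.IGNORECASE)

# The script posted in the thread, verbatim.
THREAD_SCRIPT = """\
Begin copying here:
Drivers to delete:

Files to delete:
c:\\windows\\system32\\trkwksz.dll

Folders to delete:

Registry Keys to delete:

Registry values to delete:
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System | DisableRegistryTools
"""


def _hive_of(key):
    return key.split("\\", 1)[0].strip().upper()


def parse_script(text):
    """Return ({section: [entries]}, [(line_no, message)]); each message is a
    line the pre-processor would skip."""
    sections = {name: [] for name in SECTION_HEADERS.values()}
    errors = []
    current = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.lower() == "begin copying here:":
            continue
        if line in SECTION_HEADERS:
            current = SECTION_HEADERS[line]
            continue
        if current is None:
            errors.append((line_no, f"entry before any section header: {line}"))
        elif current == "reg_values":
            if "|" not in line:
                errors.append((line_no, "registry value must be written as 'key | value'"))
                continue
            key, value = (part.strip() for part in line.split("|", 1))
            if _hive_of(key) not in ALLOWED_HIVES:
                errors.append((line_no, f"only HKEY_LOCAL_MACHINE is accessible, got {_hive_of(key)}"))
                continue
            sections[current].append((key, value))
        elif current == "reg_keys":
            if _hive_of(line) not in ALLOWED_HIVES:
                errors.append((line_no, f"only HKEY_LOCAL_MACHINE is accessible, got {_hive_of(line)}"))
                continue
            sections[current].append(line)
        elif current in ("files", "folders"):
            if PROTECTED_DIR_RE.match(line):
                errors.append((line_no, f"refusing to delete a system directory: {line}"))
                continue
            if not ABS_PATH_RE.match(line):
                errors.append((line_no, f"expected an absolute path with a drive letter: {line}"))
                continue
            sections[current].append(line)
        else:  # drivers: service names, no path
            sections[current].append(line)
    return sections, errors


def is_runnable(text):
    """True when every line would be accepted."""
    return not parse_script(text)[1]


if __name__ == "__main__":
    sections, errors = parse_script(THREAD_SCRIPT)
    for line_no, message in errors:
        print(f"line {line_no}: {message}")
    print("files to delete:", sections["files"])
```

Run on the thread's script it keeps the trkwksz.dll entry and reports line 12 for the HKEY_CURRENT_USER value, which is what the pre-processor log shows. The DisableRegistryTools policy value sits in the user's own hive, so it has to be cleared with a tool that can write there rather than with this script.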
 
Very good :)

How is the redirection issue?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 