ibeenthere

  1. Thanks MrC, I will do this at a later date. I need a break from computers for a while, I'm bushed. Thank you, Roger. PS: I will also do the donation soon too.
  2. MrC, you have been a great help and I will finish up as you have instructed. My wife has a laptop that has a bunch of PUP files on it. Is there a quick fix for it through Malwarebytes Pro, or do I need to work with you on that? Roger
  3. You sure have spent a lot of time with me and it is really appreciated.

     Results of screen317's Security Check version 0.99.74
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Norton 360 Premier Edition
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner (remove only)
     Java 6 Update 31
     Java 7 Update 3
     Java version out of Date!
     Adobe Flash Player 11.2.202.235
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C::
     ````````````````````End of Log``````````````````````
  4. Malware showed only one problem, Rookit.Agent.WU, and here is the log. Computer seems to be running fairly well.

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.25.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Moses :: SHUTTLE [administrator]

     Protection: Enabled

     9/26/2013 10:55:48 AM
     mbam-log-2013-09-26 (10-55-48).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 396898
     Time elapsed: 4 hour(s), 11 minute(s), 46 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 5
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Quarantined and deleted successfully.

     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pcreg (PUP.Optional.Chatzum) -> Data: C:\Program Files\wrapper_inst\service.exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Documents and Settings\Moses\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

     Files Detected: 7
     C:\Program Files\WRAPPER_INST\service.exe (PUP.Optional.Chatzum) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Moses\My Documents\Downloads\SoftonicDownloader_for_123-free-solitaire.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\rp840\a0270333.exe (Trojan.Agent.DF) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP840\A0271441.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP848\A0275804.exe (Trojan.VB) -> Quarantined and deleted successfully.
     C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Moses\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

     (end)
  5. # AdwCleaner v3.006 - Report created 04/10/2013 at 12:51:13
     # Updated 01/10/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Moses - SHUTTLE
     # Running from : C:\Documents and Settings\Moses\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****


     ***** [ Files / Folders ] *****

     Folder Found C:\Documents and Settings\All Users\Application Data\AGI
     Folder Found C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
     Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
     Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars
     Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
     Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
     Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
     Folder Found C:\Documents and Settings\Moses\Application Data\AGI
     Folder Found C:\Documents and Settings\Moses\Application Data\DriverCure
     Folder Found C:\Documents and Settings\Moses\Application Data\ParetoLogic
     Folder Found C:\Documents and Settings\Moses\Application Data\Uniblue\SpeedUpMyPC
     Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Babylon
     Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Conduit
     Folder Found C:\Program Files\AGI

     ***** [ Shortcuts ] *****


     ***** [ Registry ] *****

     Key Found : HKCU\Software\AGI
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
     Key Found : HKCU\Software\ParetoLogic
     Key Found : HKCU\Software\Softonic
     Key Found : HKCU\Software\Uniblue\SpeedUpMyPC
     Key Found : HKCU\Software\YahooPartnerToolbar
     Key Found : HKLM\Software\AGI
     Key Found : HKLM\Software\Babylon
     Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
     Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
     Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Classes\Prod.cap
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\Freeze.com
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
     Key Found : HKLM\Software\ParetoLogic
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702


     -\\ Google Chrome v

     [ File : C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


     *************************

     AdwCleaner[R0].txt - [4198 octets] - [04/10/2013 12:51:13]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4258 octets] ##########
  6. Adwcleaner came out clear and the log is as follows.

     # AdwCleaner v3.006 - Report created 04/10/2013 at 12:51:13
     # Updated 01/10/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Moses - SHUTTLE
     # Running from : C:\Documents and Settings\Moses\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****


     ***** [ Files / Folders ] *****

     Folder Found C:\Documents and Settings\All Users\Application Data\AGI
     Folder Found C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
     Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
     Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars
     Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
     Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
     Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
     Folder Found C:\Documents and Settings\Moses\Application Data\AGI
     Folder Found C:\Documents and Settings\Moses\Application Data\DriverCure
     Folder Found C:\Documents and Settings\Moses\Application Data\ParetoLogic
     Folder Found C:\Documents and Settings\Moses\Application Data\Uniblue\SpeedUpMyPC
     Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Babylon
     Folder Found C:\Documents and Settings\Moses\Local Settings\Application Data\Conduit
     Folder Found C:\Program Files\AGI

     ***** [ Shortcuts ] *****


     ***** [ Registry ] *****

     Key Found : HKCU\Software\AGI
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
     Key Found : HKCU\Software\ParetoLogic
     Key Found : HKCU\Software\Softonic
     Key Found : HKCU\Software\Uniblue\SpeedUpMyPC
     Key Found : HKCU\Software\YahooPartnerToolbar
     Key Found : HKLM\Software\AGI
     Key Found : HKLM\Software\Babylon
     Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
     Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
     Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Classes\Prod.cap
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\Freeze.com
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
     Key Found : HKLM\Software\ParetoLogic
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702


     -\\ Google Chrome v

     [ File : C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


     *************************

     AdwCleaner[R0].txt - [4198 octets] - [04/10/2013 12:51:13]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4258 octets] ##########
  7. ComboFix 13-10-04.02 - Moses 10/04/2013 11:28:08.3.2 - x86 MINIMAL
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2570 [GMT -5:00]
     Running from: c:\documents and settings\Moses\desktop\combofix.exe
     Command switches used :: /nombr
     AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
     FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
     .
     ---- Previous Run -------
     .
     c:\documents and settings\Moses\Application Data\Iqelcy\uzme.tuk
     c:\documents and settings\Moses\Application Data\Izuty\yrpie.exe
     c:\documents and settings\Moses\Application Data\Moseslog.dat
     c:\documents and settings\Moses\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
     c:\documents and settings\Moses\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
     c:\documents and settings\Moses\System\win_qs8.jqx
     C:\install.exe
     c:\program files\I Want This\I Want This.ico
     c:\program files\WinPCap\daemon_mgm.exe
     c:\program files\WinPCap\npf_mgm.exe
     c:\program files\WinPCap\rpcapd.exe
     c:\windows\CoUPonprinter.ocx
     c:\windows\system32\Packet.dll
     c:\windows\system32\PowerToyReadme.htm
     c:\windows\system32\pthreadVC.dll
     c:\windows\system32\SET808.tmp
     c:\windows\system32\SET823.tmp
     c:\windows\system32\SET825.tmp
     c:\windows\system32\SET833.tmp
     c:\windows\system32\SETA73.tmp
     c:\windows\system32\SETA7F.tmp
     c:\windows\system32\WanPacket.dll
     c:\windows\system32\wpcap.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Legacy_NPF
     -------\Service_NPF
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-09-04 to 2013-10-04 )))))))))))))))))))))))))))))))
     .
     .
     2074-05-07 23:38 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
     2013-10-04 00:18 . 2013-10-04 01:45 -------- d-----w- C:\FRST
     2013-10-03 22:15 . 2013-10-03 23:46 -------- d-sh--w- c:\program files\Common Files\Windows Update Service0
     2013-09-22 04:08 . 2011-08-01 20:56 40936 ----a-w- c:\windows\system32\drivers\point32.sys
     2013-09-22 04:07 . 2008-11-07 23:55 16928 ----a-w- c:\windows\system32\spmsgXP_2k3.dll
     2013-09-22 04:07 . 2011-08-01 20:56 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
     2013-09-22 04:07 . 2011-08-01 20:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
     2013-09-22 04:06 . 2013-09-22 04:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
     2013-09-18 05:15 . 2013-09-18 05:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
     2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\MFAData
     2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\Avg2014
     2013-09-18 05:15 . 2013-09-18 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
     2013-09-18 05:09 . 2013-09-18 05:08 5402832 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
     2013-09-18 05:09 . 2013-09-18 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
     2013-09-18 04:29 . 2013-09-18 04:29 -------- d-----w- c:\documents and settings\Moses\Application Data\QuickScan
     2013-09-18 04:24 . 2013-09-18 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
     2013-09-17 21:17 . 2013-10-03 22:15 -------- d-sh--w- c:\program files\Common Files\Microsoft Webupdater0
     2013-09-17 03:43 . 2013-09-18 06:03 -------- d-----w- c:\documents and settings\Moses\Application Data\tor
     2013-09-17 03:42 . 2013-09-18 06:20 -------- d-----w- c:\documents and settings\Moses\Application Data\Aryf
     2013-09-17 03:42 . 2013-09-18 04:00 -------- d-----w- c:\documents and settings\Moses\Application Data\Xiwie
     2013-09-15 19:46 . 2005-10-29 01:56 736129 ----a-w- c:\program files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
     2013-09-15 19:46 . 2005-10-29 01:30 766832 ----a-w- c:\program files\Microsoft Games\Solitaire\Solitaire.exe
     2013-09-15 19:46 . 2005-10-29 01:55 705422 ----a-w- c:\program files\Microsoft Games\Shanghai\Shanghai.exe
     2013-09-15 19:46 . 2005-10-29 01:54 960385 ----a-w- c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
     2013-09-15 19:45 . 2005-10-29 01:53 997774 ----a-w- c:\program files\Microsoft Games\Minesweeper\Minesweeper.exe
     2013-09-15 19:45 . 2005-10-29 01:56 731009 ----a-w- c:\program files\Microsoft Games\Hearts\Hearts.exe
     2013-09-15 19:44 . 2013-09-15 19:46 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\Microsoft Games
     2013-09-15 19:44 . 2005-10-29 01:52 732160 ----a-w- c:\program files\Microsoft Games\Freecell\Freecell.exe
     2013-09-15 19:42 . 2007-05-17 12:55 61440 ----a-w- c:\windows\system32\Vista.Emulation.dll
     2013-09-15 19:42 . 2013-09-15 19:42 -------- d-----w- c:\program files\Vista Games
     2013-09-15 18:18 . 2013-10-02 01:39 -------- d-----w- c:\documents and settings\Moses\Local Settings\Application Data\SySaver
     2013-09-14 16:19 . 2013-09-14 16:29 -------- d-----w- c:\windows\system32\MRT
     2013-09-14 05:12 . 2013-09-14 05:12 712264 ----a-w- c:\windows\is-JEM1A.exe
     2013-09-14 04:04 . 2013-09-14 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kristanix Games
     2013-09-14 03:38 . 2013-09-14 03:38 -------- d-----w- c:\program files\Softgame Company
     2013-09-14 03:29 . 2013-09-14 03:30 -------- d-----w- c:\windows\Application Data
     2013-09-14 01:13 . 2013-09-26 20:27 -------- d-----w- c:\program files\wrapper_inst
     2013-09-14 00:14 . 2013-09-14 00:14 -------- d-----w- C:\5e6da590d1206310ac5c8b68b22f43
     2013-09-14 00:07 . 2013-09-15 16:37 -------- d-----w- c:\windows\system32\drivers\N360
     2013-09-14 00:07 . 2013-09-14 00:07 -------- d-----w- c:\program files\Norton 360 Premier Edition
     2013-09-13 22:27 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
     2013-09-13 22:27 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
     2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
     2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
     2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
     2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
     2013-09-13 21:24 . 2013-09-13 21:24 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
     2013-09-13 21:23 . 2013-09-13 21:24 -------- d-----w- c:\program files\QuickTime
     2013-09-13 21:23 . 2013-09-13 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2013-09-12 19:59 . 2013-09-12 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
     2013-09-12 19:40 . 2008-10-23 07:09 453152 ----a-w- c:\windows\system32\nvudisp.exe
     2013-09-12 19:21 . 2013-09-12 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
     2013-09-12 19:04 . 2013-09-12 19:14 -------- d-----w- c:\windows\NV59845980.TMP
     2013-09-12 18:56 . 2013-09-12 19:45 -------- d-----w- c:\windows\nview
     2013-09-12 18:56 . 2013-09-12 19:14 -------- d-----w- c:\windows\NV27966000.TMP
     2013-09-12 18:55 . 2008-10-21 04:16 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
     2013-09-12 18:30 . 2013-09-12 18:34 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
     2013-09-12 18:30 . 2013-09-12 18:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
     2013-09-12 18:30 . 2013-09-12 18:30 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
     2013-09-12 18:29 . 2013-01-31 11:22 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
     2013-09-12 18:29 . 2013-01-31 11:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
     2013-09-12 18:29 . 2013-01-31 11:22 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
     2013-09-12 18:29 . 2013-01-31 11:22 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
     2013-09-12 18:29 . 2013-01-31 11:22 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
     2013-09-12 18:29 . 2013-01-31 11:22 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
     2013-09-12 18:15 . 2013-09-12 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
     2013-09-12 18:05 . 2013-09-12 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
     2013-09-04 17:48 . 2013-09-04 17:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2013-09-04 17:47 . 2013-09-04 17:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll
     2013-09-04 17:44 . 2013-09-04 17:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-10-04 16:01 . 2012-04-01 15:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-10-04 16:01 . 2012-02-12 01:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-10-04 03:40 . 2009-08-18 17:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
     2013-10-04 03:39 . 2009-08-18 17:24 22240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2013-09-14 00:09 . 2012-02-01 23:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2013-09-14 00:09 . 2012-02-01 23:43 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2013-08-09 01:56 . 2004-08-11 23:00 386560 ----a-w- c:\windows\system32\themeui.dll
     2013-08-08 06:05 . 2004-08-11 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
     2013-08-08 06:05 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
     2013-08-08 06:05 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2013-08-08 06:05 . 2004-08-11 23:00 18944 ----a-w- c:\windows\system32\corpol.dll
     2013-08-08 01:27 . 2004-08-11 23:00 1877760 ------w- c:\windows\system32\win32k.sys
     2013-08-08 00:02 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
     2013-08-05 13:30 . 2004-08-11 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll
     2013-08-03 19:18 . 2006-10-19 02:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
     2013-07-10 10:37 . 2004-08-11 23:00 406016 ----a-w- c:\windows\system32\usp10.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
     .
     [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
     [HKEY_CLASSES_ROOT\agihelper.AGUtils]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
     2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
     "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 90624]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-18 851968]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13549568]
     "nwiz"="nwiz.exe" [2008-10-23 1630208]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
     "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
     "SigmatelSysTrayApp"="stsystra.exe" [2007-07-17 405504]
     "InstaLAN"="c:\program files\CenturyLink\Home Network Manager\HomeNetworkManager.exe" [2009-10-05 1144128]
     "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]
     "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
     "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-17 296056]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "NVHotkey"="nvHotkey.dll" [2008-10-23 90112]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2010-01-19 21:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
     "c:\\WINDOWS\\system32\\ftp.exe"=
     "c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
     "c:\\WINDOWS\\system32\\fxsclnt.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\WINDOWS\\system32\\muzapp.exe"=
     "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\warhammer 40,000 space marine demo\\spacemarine.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     .
     R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [9/14/2013 2:26 PM 340088]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [9/14/2013 2:26 PM 924320]
     R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
     R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [9/21/2013 11:07 PM 45288]
     S0 mweetla;mweetla;c:\windows\system32\drivers\kxhtd.sys --> c:\windows\system32\drivers\kxhtd.sys [?]
     S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [9/23/2013 11:37 PM 1097304]
     S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [9/14/2013 2:26 PM 132768]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
     S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [9/14/2013 2:26 PM 149624]
     S2 AGCoreService;AG Core Services;"c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe" --> c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [?]
     S2 AQFileRestoreSrv;AQFileRestoreSrv;"c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" --> c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [?]
     S2 gupdate1ca28cac94c7e3e;Google Update Service (gupdate1ca28cac94c7e3e);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
     S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [1/6/2008 8:11 PM 21016]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/14/2013 12:12 AM 418376]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/1/2012 4:52 PM 701512]
     S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]
     S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [9/14/2013 2:26 PM 138272]
     S2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [9/13/2013 8:13 PM 31344]
     S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
     S3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys --> c:\windows\system32\DRIVERS\AQFileRestore.sys [?]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2013 9:07 PM 108120]
     S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSXpx86.sys [10/3/2013 5:36 PM 380832]
     S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/1/2012 4:51 PM 22856]
     S3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [12/21/2007 5:25 AM 117888]
     S3 TFilter;TFilter;\??\c:\progra~1\Avanquest\SystemSuite\TFilter.sys --> c:\progra~1\Avanquest\SystemSuite\TFilter.sys [?]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
     .
     2013-10-04 c:\windows\Tasks\ConfigExec.job
     - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
     .
     2013-10-04 c:\windows\Tasks\DataUpload.job
     - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
     .
     2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005Core.job
     - c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47]
     .
     2013-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005UA.job
     - c:\documents and settings\Moses\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 00:47]
     .
     2013-09-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
     - c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 20:56]
     .
     2013-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-110049081-3069564722-2619245935-1005.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
     .
     2013-09-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-110049081-3069564722-2619245935-1005.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
     .
     2013-10-04 c:\windows\Tasks\ReclaimerUpdateFiles_Moses.job
     - c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
     .
     2013-10-04 c:\windows\Tasks\ReclaimerUpdateXML_Moses.job
     - c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
     .
     2013-10-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Moses.job
     - c:\documents and settings\Moses\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-10 20:53]
     .
     2013-10-04 c:\windows\Tasks\User_Feed_Synchronization-{DB70761C-307A-4237-8C57-61685BA35B49}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
     IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     Trusted Zone: dell.com
     TCP: DhcpNameServer = 192.168.2.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-SITEguard - (no file)
     WebBrowser-{84A6AEA7-C34B-4246-9A00-05AD7A36BF00} - (no file)
     HKCU-Run-Windows Update Service - c:\program files\Common Files\Windows Update Service0\wfwhhydlr.exe
     AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files\AGI\core\4.2.0.10754\InstallerGUI.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-10-04 11:41
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
     "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:97,21,e3,41,95,5a,56,1e,b4,71,58,2a,c4,8a,f1,5e,d5,08,2f,7c,6c,44,d8,
      2a,cd,65,75,f6,bd,c9,18,ee,6a,2b,a1,58,c1,70,98,b4,b7,c9,d4,33,1f,12,ff,c1,\
     "??"=hex:a8,0a,85,e3,4a,c1,ca,14,f4,4b,cf,5c,5b,9e,80,82
     .
     [HKEY_USERS\S-1-5-21-110049081-3069564722-2619245935-1005\Software\SecuROM\License information*]
     "datasecu"=hex:6e,d3,5f,06,03,7a,fb,d8,87,52,47,f6,1f,0c,13,08,38,e5,05,4b,8c,
      f6,e7,18,32,6c,b7,0f,84,27,e4,55,3f,c1,69,0e,d4,f2,bd,de,d5,42,d2,02,67,6b,\
     "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @DACL=(02 0010)
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @DACL=(02 
0010)@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@DACL=(02 0010)@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(308)c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dllc:\windows\System32\BCMLogon.dll.Completion time: 2013-10-04 11:43:48ComboFix-quarantined-files.txt 2013-10-04 16:43.Pre-Run: 91,203,444,736 bytes freePost-Run: 91,171,299,328 bytes free.- - End Of File - - 8D2A620FA4BD24573F5EAA76D94E10CA5CB90281D1A59B251F6603134774EEC3
  8. I ran the ESET scan, which took a very long time, and it said there were 27 items found and removed; however, there is no log txt to be found in the ESET file mentioned.
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Moses at 2013-10-03 20:49:22 Run:1
Running from C:\FRST\Logs
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe
IMEO\housecalllauncher.exe: [Debugger] pghyfxdb_.exe
IMEO\rstrui.exe: [Debugger] j_.exe
IMEO\spybotsd.exe: [Debugger] sttezftc_.exe
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.

==== End of Fixlog ====
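The ComboFix log above (the orphaned `HKCU-Run-Windows Update Service` entry), the fixlist in this post (four `IMEO\...: [Debugger]` redirections) and the FRST scan in the next post all show the same three persistence patterns a helper looks for first: Image File Execution Options "Debugger" values that point security tools at another executable, Run-key entries whose file carries no version or publisher metadata, and services or drivers whose image is missing (`[x]`). The triage helper below is an added example written for this thread, not code from FRST, ComboFix, Malwarebytes or the poster. It reads lines in FRST's text layout and ranks what it finds; the sample lines are copied from the logs posted here, while the regular expressions, the severity ranking and the "full path but no metadata" heuristic are my assumptions about how FRST prints things, not FRST's own rules. Expect some noise: a bare command FRST could not resolve (`nwiz.exe /installquiet`) is reported at low severity rather than ignored.

```python
"""Triage of FRST log lines (added example; not FRST's, ComboFix's or the poster's code)."""
import re
from dataclasses import dataclass

# Line shapes below are assumptions about FRST's text layout, taken from the
# lines posted in this thread; they are not an official FRST grammar.
IFEO_RE = re.compile(r"^IMEO\\(?P<target>[^:]+):\s*\[Debugger\]\s*(?P<debugger>\S.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*-\s*(?P<cmd>.*)$")
META_RE = re.compile(r"\[\d+\s+\d{4}-\d{2}-\d{2}\]\s*\((?P<company>[^)]*)\)\s*$")
SVC_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<image>.+?)\s*"
    r"(?:(?P<missing>\[x\])|\[\d+\s+\d{4}-\d{2}-\d{2}\]\s*\((?P<company>[^)]*)\))$"
)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    kind: str
    line: str


def triage_line(line):
    """Return a Finding for one FRST line, or None if nothing stands out."""
    line = line.strip()

    m = IFEO_RE.match(line)
    if m:
        # A Debugger value under Image File Execution Options makes Windows start
        # the named "debugger" instead of the target, so pointing it at a random
        # executable silently neuters HijackThis, System Restore (rstrui) and so on.
        return Finding("high", f"IFEO debugger hijack: {m['target']} -> {m['debugger']}", line)

    m = RUN_RE.match(line)
    if m:
        cmd = m["cmd"]
        if "rundll32" in cmd.lower():
            return None  # rundll32 launches carry no file metadata; normal for driver tray apps
        meta = META_RE.search(cmd)
        if meta is None:
            if ":\\" in cmd:
                # Full path, yet FRST printed no size/date/company: the file has no
                # version resource, which legitimate vendor autostarts almost always have.
                return Finding("high", f"Run entry '{m['name']}' with no file metadata", line)
            return Finding("low", f"Run entry '{m['name']}' with unresolved bare command", line)
        if not meta["company"].strip():
            return Finding("medium", f"Run entry '{m['name']}' has no publisher", line)
        return None

    m = SVC_RE.match(line)
    if m:
        if m["missing"]:
            # Image file gone: usually an uninstall leftover, but a boot-start (S0)
            # entry that points nowhere deserves a look before it is dismissed.
            sev = "high" if m["start"] == "0" else "low"
            return Finding(sev, f"{m['name']} (start type {m['start']}) image missing", line)
        if not m["company"].strip():
            return Finding("medium", f"service {m['name']} running with no publisher", line)
    return None


def triage(lines):
    """Triage many lines; highest severity first, input order within a severity."""
    findings = [f for f in (triage_line(l) for l in lines) if f is not None]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Sample input: lines copied from the FRST scan and fixlist posted in this thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-17] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [Windows Update Service] - "C:\Program Files\Common Files\Windows Update Service0\wfwhhydlr.exe"
HKCU\...\Run: [showBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe
IMEO\rstrui.exe: [Debugger] j_.exe
R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-13] ()
S0 mweetla; System32\drivers\kxhtd.sys [x]
S3 TFilter; \??\C:\PROGRA~1\Avanquest\SystemSuite\TFilter.sys [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.kind}\n         {f.line}")
```

Run it against a saved FRST.txt by passing the file's lines to `triage()`. The ordering matters more than the counts: the four high findings on the sample are the `Windows Update Service` Run entry with no metadata, the two IFEO redirections and the boot-start `mweetla` driver whose `kxhtd.sys` is gone, which is exactly the set a helper would want to confirm before anything else.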
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Moses (administrator) on SHUTTLE on 03-10-2013 19:18:23
Running from C:\Documents and Settings\Moses\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Affinegy, Inc.) C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\wrapper_inst\file_to_run.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\STacSV.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\Quickset.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-17] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [775952 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Windows\stsystra.exe [405504 2007-07-17] (SigmaTel, Inc.)
HKLM\...\Run: [instaLAN] - C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe [1144128 2009-10-05] (Affinegy, Inc.)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\Quickset.exe [1245184 2008-02-22] (Dell Inc.)
HKLM\...\Run: [iSUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-17] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NVHotkey] - rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Update Service] - "C:\Program Files\Common Files\Windows Update Service0\wfwhhydlr.exe"
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1343488 2006-04-07] (AWS Convergence Technologies, Inc.)
HKCU\...\Run: [showBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
HKCU\...\Run: [Windows Update Service] - "C:\Program Files\Common Files\Windows Update Service0\wfwhhydlr.exe"
IMEO\hijackthis.exe: [Debugger] kbqiypzy_.exe
IMEO\housecalllauncher.exe: [Debugger] pghyfxdb_.exe
IMEO\rstrui.exe: [Debugger] j_.exe
IMEO\spybotsd.exe: [Debugger] sttezftc_.exe
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
SearchScopes: HKLM - DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=0&did=%7b6a7bcc30-2685-4654-aeb0-417ddedb49e2%7d&q={searchTerms}
SearchScopes: HKLM - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=0&did=%7b6a7bcc30-2685-4654-aeb0-417ddedb49e2%7d&q={searchTerms}
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm003V4us&ptb=F5C214D8-D47B-41F8-924E-27CBB4ED328A&psa=&ind=2011080122&ptnrS=YKxdm003V4us&si=CKCdyKTOr6oCFQ7MKgodVTY89Q&st=sb&n=77dea5ba&searchfor={searchTerms}
SearchScopes: HKCU - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=0&did=%7b6a7bcc30-2685-4654-aeb0-417ddedb49e2%7d&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120505F50846F19A491EA75DEFAF8D&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm003V4us&ptb=F5C214D8-D47B-41F8-924E-27CBB4ED328A&psa=&ind=2011080122&ptnrS=YKxdm003V4us&si=CKCdyKTOr6oCFQ7MKgodVTY89Q&st=sb&n=77dea5ba&searchfor={searchTerms}
SearchScopes: HKCU - {E38984B5-F962-4D01-8CED-5C73AA668B9F} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {84A6AEA7-C34B-4246-9A00-05AD7A36BF00} - No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://www.lojackforlaptops.com/ctmweb/testoc.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelgraphics.com/l2/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} http://fdl.msn.com/public/investor/v13/ticker.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1
CHR Extension: (The Simple Life) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jjbgfbonmdidcihleedajlcaidfhffac\1_0
CHR Extension: (Norton Identity Protection) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.18.4_1
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\DOCUME~1\Moses\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\Exts\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Moses\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe [390464 2009-10-05] (Affinegy, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.)
R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-13] ()
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [94208 2007-07-17] (SigmaTel, Inc.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
S2 AGCoreService; "C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe" [x]
S2 AQFileRestoreSrv; "C:\Program Files\Avanquest\SystemSuite\AQFileRestoreSrv.exe" [x]
S2 gupdate1ca28cac94c7e3e; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]
S2 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 AFGSp50; C:\Windows\System32\Drivers\AFGSp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-17] (Broadcom Corporation)
R2 BASFND; C:\Program Files\Broadcom\BACS\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-23] (Symantec Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [328237 2006-05-24] (Broadcom Corporation.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30427 2006-05-24] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [851434 2006-05-24] (Broadcom Corporation.)
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-24] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148900 2006-05-24] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [45683 2006-05-24] (Broadcom Corporation.)
S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [30285 2006-05-24] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66488 2006-05-24] (Broadcom Corporation.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2009-10-20] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2009-10-20] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-13] (Symantec Corporation)
S2 HidCom; C:\Windows\System32\DRIVERS\HidCom.sys [21016 2004-08-10] (Cypress Semiconductor)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131003.001\IDSxpx86.sys [380832 2013-09-13] (Symantec Corporation)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36736 2006-03-28] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15104 2004-07-09] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVENG.SYS [93272 2013-09-24] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131003.009\NAVEX15.SYS [1612376 2013-09-24] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))
R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-06-07] (Creative Technology Ltd.)
S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-10] (Ralink Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2004-07-22] (Prolific Technology Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-07-17] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [141944 2013-09-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDI.SYS [388216 2011-11-16] (Symantec Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]
S3 AQFileRestore; system32\DRIVERS\AQFileRestore.sys [x]
S3 catchme; \??\C:\DOCUME~1\Moses\LOCALS~1\Temp\catchme.sys [x]
S3 LMouKE; system32\DRIVERS\LMouKE.Sys [x]
S0 mweetla; System32\drivers\kxhtd.sys [x]
S3 neokdss; system32\Drivers\neokdss.sys [x]
S3 rt2870; system32\DRIVERS\rt2870.sys [x]
S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 TFilter; \??\C:\PROGRA~1\Avanquest\SystemSuite\TFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\FRST
2013-10-03 17:15 - 2013-10-03 18:46 - 00000000 __SHD C:\Program Files\Common Files\Windows Update Service0
2013-10-03 17:02 - 2013-10-03 17:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-10-03 16:44 - 2013-10-03 17:16 - 00000000 ____D C:\ComboFix
2013-10-03 16:23 - 2013-10-03 16:24 - 05130107 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\ComboFix.exe
2013-10-03 15:27 - 2013-10-03 15:27 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MAYO.wps
2013-10-03 12:33 - 2013-10-03 12:33 - 00000000 _RSHD C:\cmdcons
2013-10-03 12:33 - 2012-02-19 23:11 - 00000211 _____ C:\Boot.bak
2013-10-03 12:33 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-03 12:25 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-03 12:25 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-03 12:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-03 12:25 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-02 22:15 - 2013-10-03 17:04 - 00000000 ____D C:\Qoobox
2013-10-02 22:13 - 2013-10-03 17:02 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-02 17:24 - 2013-10-02 17:24 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-02.dmp
2013-10-02 11:22 - 2013-10-02 11:22 - 00012800 _____ C:\Documents and Settings\Moses\Desktop\Chicken-n-Slicks.wps
2013-10-02 00:11 - 2013-10-02 00:11 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp
2013-10-01 22:26 - 2013-10-01 22:26 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-02.dmp
2013-10-01 21:04 - 2013-10-02 20:33 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\mbar
2013-10-01 21:01 - 2013-10-01 21:03 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Moses\Desktop\mbar-1.07.0.1005.exe
2013-10-01 15:55 - 2013-10-01 15:55 - 00006600 _____ C:\Documents and Settings\Moses\Desktop\RKreport[0]_S_10012013_155516.txt
2013-10-01 15:50 - 2013-10-01 15:55 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RK_Quarantine
2013-10-01 15:50 - 2013-10-01 15:50 - 00948736 _____ C:\Documents and Settings\Moses\Desktop\RogueKiller.exe
2013-10-01 15:05 - 2013-10-01 15:12 - 00023133 _____ C:\Documents and Settings\Moses\Desktop\dds.txt
2013-10-01 15:05 - 2013-10-01 15:11 - 00025728 _____ C:\Documents and Settings\Moses\Desktop\attach.txt
2013-10-01 14:51 - 2013-10-01 14:51 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp
2013-10-01 14:41 - 2013-10-01 14:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\dds.com
2013-09-29 11:45 - 2013-09-29 11:45 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MALWARE.wps
2013-09-28 19:07 - 2013-09-28 19:07 - 00010240 _____ C:\Documents and Settings\Moses\Desktop\Christmas.wps
2013-09-28 01:12 - 2013-09-28 14:28 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Webshots
2013-09-28 01:11 - 2013-09-28 01:11 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\WebShots Playlist
2013-09-28 01:10 - 2013-09-28 01:22 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest (1).exe
2013-09-28 00:56 - 2013-09-28 01:07 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest.exe
2013-09-24 19:42 - 2013-09-25 00:41 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Smoothie and Juice
2013-09-23 15:27 - 2013-09-23 15:27 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Chili 'Pie'.wps
2013-09-21 23:08 - 2013-09-22 02:20 - 00000290 _____ C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
2013-09-21 23:08 - 2011-08-01 15:56 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys
2013-09-21 23:07 - 2013-09-21 23:07 - 00004259 _____ C:\WINDOWS\Wdf01009Inst.log
2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2013-09-21 23:07 - 2011-08-01 15:56 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2013-09-21 23:07 - 2011-08-01 15:56 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2013-09-21 23:07 - 2008-11-07 18:55 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2013-09-21 23:06 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2013-09-19 01:15 - 2013-09-19 01:15 - 00019456 _____ C:\Documents and Settings\Moses\Desktop\Slow Cooker Beef Bourguignon.wps
2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\MFAData
2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Avg2014
2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-09-18 00:09 - 2013-09-18 00:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data
2013-09-18 00:09 - 2013-09-18 00:08 - 05402832 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2013-09-17 23:29 - 2013-09-17 23:29 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\QuickScan
2013-09-17 23:24 - 2013-09-17 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-09-17 16:17 - 2013-10-03 17:15 - 00000000 __SHD C:\Program Files\Common Files\Microsoft Webupdater0
2013-09-16 22:43 - 2013-09-18 01:03 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\tor
2013-09-16 22:42 - 2013-09-18 01:20 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Aryf
2013-09-16 22:42 - 2013-09-17 23:00 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Xiwie
2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Vista Games
2013-09-15 14:44 - 2013-09-15 14:46 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Microsoft Games
2013-09-15 14:44 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Microsoft Games
2013-09-15 14:42 - 2013-09-15 14:42 - 00000000 ____D C:\Program Files\Vista Games
2013-09-15 14:42 - 2007-05-17 07:55 - 00061440 _____ (Rafael & ZoRoNaX) C:\WINDOWS\system32\Vista.Emulation.dll
2013-09-15 13:18 - 2013-10-01 20:39 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\SySaver
2013-09-15 01:45 - 2013-09-15 01:45 - 04663296 _____ C:\Documents and Settings\Moses\My Documents\Little Go Bipe.wps
2013-09-14 17:30 - 2013-09-14 17:30 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Dell DVD DRIVE.wps
2013-09-14 12:43 - 2013-09-14 12:43 - 00139192 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-14 12:38 - 2013-09-14 12:38 - 00132666 _____ C:\WINDOWS\KB2834886.log
2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-09-14 12:28 - 2013-09-14 12:28 - 00129216 _____ C:\WINDOWS\KB2834904-v2.log
2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC 
C:\WINDOWS\$NtUninstallKB2845187$ 2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$ 2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-14 12:20 - 2013-09-14 12:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-14 12:13 - 2013-09-14 12:13 - 00131753 _____ C:\WINDOWS\KB2753842-v2.log 2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$ 2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$ 2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$ 2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$ 2013-09-14 12:02 - 2013-09-14 12:02 - 00130837 _____ C:\WINDOWS\KB2807986.log 2013-09-14 12:02 - 2013-09-14 12:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$ 2013-09-14 12:01 - 2013-09-14 12:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$ 2013-09-14 12:00 - 2013-09-14 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$ 2013-09-14 11:59 - 2013-09-14 11:59 - 00130600 _____ C:\WINDOWS\KB2820197.log 2013-09-14 11:59 - 2013-09-14 11:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$ 2013-09-14 11:58 - 2013-09-14 11:58 - 00127218 _____ C:\WINDOWS\KB2863058.log 2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$ 2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$ 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$ 2013-09-14 11:56 - 2013-09-14 11:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$ 2013-09-14 11:44 - 2013-09-14 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$ 2013-09-14 11:43 - 2013-09-14 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$ 2013-09-14 11:19 - 2013-09-14 11:29 - 00000000 ____D C:\WINDOWS\system32\MRT 
2013-09-14 11:10 - 2013-09-14 11:10 - 00013312 _____ C:\Documents and Settings\Moses\Desktop\BofA 09-16-12.wps 2013-09-14 00:12 - 2013-09-14 00:12 - 00712264 _____ C:\WINDOWS\is-JEM1A.exe 2013-09-14 00:12 - 2013-09-14 00:12 - 00011277 _____ C:\WINDOWS\is-JEM1A.msg 2013-09-14 00:12 - 2013-09-14 00:12 - 00000418 _____ C:\WINDOWS\is-JEM1A.lst 2013-09-13 23:04 - 2013-09-13 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kristanix Games 2013-09-13 22:52 - 2013-09-13 22:52 - 00001168 _____ C:\WINDOWS\msvxdll.ini 2013-09-13 22:38 - 2013-09-13 22:38 - 00000000 ____D C:\Program Files\Softgame Company 2013-09-13 20:14 - 2013-10-02 22:17 - 00000368 _____ C:\WINDOWS\Tasks\At1.job 2013-09-13 20:14 - 2013-10-02 22:17 - 00000298 _____ C:\WINDOWS\Tasks\pcreg.job 2013-09-13 20:13 - 2013-09-26 15:27 - 00000000 ____D C:\Program Files\wrapper_inst 2013-09-13 19:14 - 2013-09-13 19:14 - 00000000 ____D C:\5e6da590d1206310ac5c8b68b22f43 2013-09-13 19:09 - 2013-09-15 11:35 - 00002004 _____ C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK 2013-09-13 19:07 - 2013-09-15 11:37 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360 2013-09-13 19:07 - 2013-09-15 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier Edition 2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Program Files\Norton 360 Premier Edition 2013-09-13 18:53 - 2013-09-13 19:06 - 00000779 _____ C:\Documents and Settings\Moses\Desktop\Norton Installation Files.lnk 2013-09-13 17:41 - 2013-09-14 12:39 - 00146067 _____ C:\WINDOWS\KB2758857.log 2013-09-13 17:36 - 2013-09-14 12:28 - 00144768 _____ C:\WINDOWS\KB2802968.log 2013-09-13 17:34 - 2013-09-14 12:27 - 00144909 _____ C:\WINDOWS\KB2780091.log 2013-09-13 17:34 - 2013-09-14 12:27 - 00142115 _____ C:\WINDOWS\KB2845187.log 2013-09-13 17:34 - 2013-09-14 12:25 - 00143548 _____ C:\WINDOWS\KB2876315.log 2013-09-13 17:34 - 2013-09-14 12:25 - 00142066 _____ C:\WINDOWS\KB2876217.log 
2013-09-13 17:30 - 2013-09-14 12:21 - 00141543 _____ C:\WINDOWS\KB2864063.log 2013-09-13 17:29 - 2013-09-14 12:13 - 00141584 _____ C:\WINDOWS\KB2850869.log 2013-09-13 17:27 - 2013-09-14 12:03 - 00142715 _____ C:\WINDOWS\KB2859537.log 2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys 2013-09-13 17:27 - 2013-02-11 19:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys 2013-09-13 17:26 - 2013-09-14 12:01 - 00142899 _____ C:\WINDOWS\KB2820917.log 2013-09-13 17:26 - 2013-09-14 12:00 - 00142080 _____ C:\WINDOWS\KB2757638.log 2013-09-13 17:26 - 2013-09-14 11:59 - 00142372 _____ C:\WINDOWS\KB2749655.log 2013-09-13 17:25 - 2013-09-14 11:56 - 00140492 _____ C:\WINDOWS\KB2727528.log 2013-09-13 17:24 - 2013-09-14 11:44 - 00141302 _____ C:\WINDOWS\KB2661254-v2.log 2013-09-13 17:23 - 2013-09-14 11:43 - 00143370 _____ C:\WINDOWS\KB2813345.log 2013-09-13 16:23 - 2013-09-13 16:24 - 00000000 ____D C:\Program Files\QuickTime 2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2013-09-13 15:39 - 2013-09-25 00:59 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RECIPIES 2013-09-12 14:40 - 2013-10-03 18:45 - 00185449 _____ C:\WINDOWS\system32\nvapps.xml 2013-09-12 14:40 - 2008-10-23 02:09 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvudisp.exe 2013-09-12 14:12 - 2013-09-20 09:24 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Dell 2013-09-12 14:04 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV59845980.TMP 2013-09-12 13:56 - 2013-09-12 14:45 - 00000000 ____D C:\WINDOWS\nview 2013-09-12 13:56 - 2013-09-12 14:14 - 00000000 ____D C:\WINDOWS\NV27966000.TMP 2013-09-12 13:56 - 2008-10-23 02:09 - 00018477 _____ C:\WINDOWS\system32\nvdisp.nvu 2013-09-12 13:55 - 
2008-10-20 23:16 - 00453152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE 2013-09-12 13:33 - 2013-01-31 06:22 - 00015449 _____ C:\WINDOWS\system32\nvinfo.pb 2013-09-12 13:30 - 2013-09-12 13:34 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin 2013-09-12 13:30 - 2013-09-12 13:34 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin 2013-09-12 13:30 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin 2013-09-12 13:30 - 2013-09-12 13:30 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk 2013-09-12 13:29 - 2013-01-31 06:22 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2013-09-12 13:29 - 2013-01-31 06:22 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2013-09-12 13:29 - 2013-01-31 06:22 - 02816504 _____ C:\WINDOWS\system32\nvdata.data 2013-09-12 13:29 - 2013-01-31 06:22 - 02581792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2013-09-12 13:29 - 2013-01-31 06:22 - 01869088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll 2013-09-12 13:29 - 2013-01-31 06:22 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll 2013-09-12 13:29 - 2013-01-31 06:22 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll 2013-09-12 13:15 - 2013-09-12 14:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-09-12 13:05 - 2013-09-12 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA 2013-09-12 11:36 - 2013-09-12 11:37 - 00008628 ____H C:\WINDOWS\system32\SafeGuard20.GID 2013-09-12 11:18 - 2013-09-12 11:18 - 00000000 _____ C:\WINDOWS\SafeGuard20.INI 2013-09-11 09:16 - 2013-10-03 18:45 - 00000412 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Moses.job 2013-09-11 09:11 - 2013-10-02 09:19 - 00000406 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Moses.job 2013-09-11 09:11 - 2013-10-02 09:19 - 00000402 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_Moses.job 2013-09-04 12:48 - 2013-09-04 12:48 - 00000000 __SHD C:\Documents and 
Settings\LocalService\IETldCache 2013-09-04 12:47 - 2013-09-04 12:47 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll 2013-09-04 12:44 - 2013-09-04 12:44 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe ==================== One Month Modified Files and Folders ======= 2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\FRST 2013-10-03 19:17 - 2008-04-07 16:10 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB70761C-307A-4237-8C57-61685BA35B49}.job 2013-10-03 18:53 - 2012-05-03 19:47 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005UA.job 2013-10-03 18:46 - 2013-10-03 17:15 - 00000000 __SHD C:\Program Files\Common Files\Windows Update Service0 2013-10-03 18:45 - 2013-09-12 14:40 - 00185449 _____ C:\WINDOWS\system32\nvapps.xml 2013-10-03 18:45 - 2013-09-11 09:16 - 00000412 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Moses.job 2013-10-03 18:45 - 2007-12-21 05:35 - 00027839 _____ C:\WINDOWS\system32\nvModes.001 2013-10-03 18:45 - 2004-08-11 18:13 - 01564097 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-03 18:45 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-03 18:44 - 2004-08-11 18:09 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-03 18:44 - 2004-08-11 18:09 - 00000049 _____ C:\WINDOWS\wiaservc.log 2013-10-03 18:42 - 2012-01-13 22:21 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job 2013-10-03 18:42 - 2010-11-18 11:05 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110049081-3069564722-2619245935-1005.job 2013-10-03 18:42 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-03 18:40 - 2004-08-11 18:20 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-03 17:21 - 2012-01-13 22:21 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job 2013-10-03 17:16 - 2013-10-03 16:44 - 00000000 ____D C:\ComboFix 2013-10-03 17:15 - 2013-09-17 16:17 - 00000000 __SHD C:\Program Files\Common Files\Microsoft Webupdater0 2013-10-03 17:07 - 2004-08-11 18:00 - 00000242 _____ 
C:\WINDOWS\system.ini 2013-10-03 17:04 - 2013-10-02 22:15 - 00000000 ____D C:\Qoobox 2013-10-03 17:02 - 2013-10-03 17:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG 2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG 2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG 2013-10-03 17:02 - 2013-10-03 17:02 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG 2013-10-03 17:02 - 2013-10-02 22:13 - 00000000 ____D C:\WINDOWS\erdnt 2013-10-03 17:02 - 2008-01-03 18:09 - 00000178 ___SH C:\Documents and Settings\Moses\ntuser.ini 2013-10-03 17:02 - 2004-08-11 12:06 - 53477376 _____ C:\WINDOWS\system32\config\SOFTWARE.bak 2013-10-03 17:02 - 2004-08-11 12:06 - 08912896 _____ C:\WINDOWS\system32\config\SYSTEM.bak 2013-10-03 17:02 - 2004-08-11 12:06 - 00786432 _____ C:\WINDOWS\system32\config\DEFAULT.bak 2013-10-03 17:02 - 2004-08-11 12:06 - 00073728 _____ C:\WINDOWS\system32\config\SECURITY.bak 2013-10-03 17:02 - 2004-08-11 12:06 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak 2013-10-03 16:58 - 2008-01-03 18:09 - 00000000 ____D C:\Documents and Settings\Moses 2013-10-03 16:24 - 2013-10-03 16:23 - 05130107 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\ComboFix.exe 2013-10-03 15:27 - 2013-10-03 15:27 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MAYO.wps 2013-10-03 15:27 - 2008-01-05 01:07 - 00039802 _____ C:\Documents and Settings\Moses\Application Data\wklnhst.dat 2013-10-03 15:27 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2013-10-03 12:33 - 2013-10-03 12:33 - 00000000 _RSHD C:\cmdcons 2013-10-03 12:33 - 2004-08-11 18:00 - 00000327 __RSH C:\boot.ini 2013-10-02 22:17 - 2013-09-13 20:14 - 00000368 _____ C:\WINDOWS\Tasks\At1.job 2013-10-02 22:17 - 2013-09-13 20:14 - 00000298 _____ C:\WINDOWS\Tasks\pcreg.job 2013-10-02 20:42 - 
2010-01-15 15:19 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Deployment 2013-10-02 20:34 - 2008-01-04 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB920872$ 2013-10-02 20:33 - 2013-10-01 21:04 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\mbar 2013-10-02 17:34 - 2008-01-03 23:36 - 00000000 __SHD C:\WINDOWS\CSC 2013-10-02 17:24 - 2013-10-02 17:24 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-02.dmp 2013-10-02 17:24 - 2008-10-16 13:59 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-02 15:53 - 2012-05-03 19:47 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-110049081-3069564722-2619245935-1005Core.job 2013-10-02 15:44 - 2011-03-08 22:10 - 00522696 _____ C:\WINDOWS\setupapi.log 2013-10-02 11:22 - 2013-10-02 11:22 - 00012800 _____ C:\Documents and Settings\Moses\Desktop\Chicken-n-Slicks.wps 2013-10-02 09:19 - 2013-09-11 09:11 - 00000406 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Moses.job 2013-10-02 09:19 - 2013-09-11 09:11 - 00000402 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_Moses.job 2013-10-02 00:11 - 2013-10-02 00:11 - 00110592 _____ C:\WINDOWS\Minidump\Mini100213-01.dmp 2013-10-01 22:26 - 2013-10-01 22:26 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-02.dmp 2013-10-01 21:03 - 2013-10-01 21:01 - 12907592 _____ (Malwarebytes Corp.) 
C:\Documents and Settings\Moses\Desktop\mbar-1.07.0.1005.exe 2013-10-01 20:39 - 2013-09-15 13:18 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\SySaver 2013-10-01 15:55 - 2013-10-01 15:55 - 00006600 _____ C:\Documents and Settings\Moses\Desktop\RKreport[0]_S_10012013_155516.txt 2013-10-01 15:55 - 2013-10-01 15:50 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RK_Quarantine 2013-10-01 15:50 - 2013-10-01 15:50 - 00948736 _____ C:\Documents and Settings\Moses\Desktop\RogueKiller.exe 2013-10-01 15:12 - 2013-10-01 15:05 - 00023133 _____ C:\Documents and Settings\Moses\Desktop\dds.txt 2013-10-01 15:11 - 2013-10-01 15:05 - 00025728 _____ C:\Documents and Settings\Moses\Desktop\attach.txt 2013-10-01 14:51 - 2013-10-01 14:51 - 00110592 _____ C:\WINDOWS\Minidump\Mini100113-01.dmp 2013-10-01 14:41 - 2013-10-01 14:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Moses\Desktop\dds.com 2013-09-29 14:17 - 2009-03-18 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton 2013-09-29 14:14 - 2010-03-10 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Norton 2013-09-29 11:52 - 2007-12-21 05:35 - 00027839 _____ C:\WINDOWS\system32\nvModes.dat 2013-09-29 11:50 - 2009-05-29 14:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-09-29 11:45 - 2013-09-29 11:45 - 00009216 _____ C:\Documents and Settings\Moses\Desktop\MALWARE.wps 2013-09-28 19:07 - 2013-09-28 19:07 - 00010240 _____ C:\Documents and Settings\Moses\Desktop\Christmas.wps 2013-09-28 14:28 - 2013-09-28 01:12 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Webshots 2013-09-28 11:48 - 2009-05-18 21:29 - 00000000 ____D C:\Program Files\Common Files\Logishrd 2013-09-28 02:24 - 2009-12-25 16:40 - 00196608 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2013-09-28 01:22 - 2013-09-28 01:10 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest (1).exe 2013-09-28 01:11 - 
2013-09-28 01:11 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\WebShots Playlist 2013-09-28 01:11 - 2008-01-16 01:20 - 00000000 ____D C:\Program Files\Webshots 2013-09-28 01:07 - 2013-09-28 00:56 - 62821672 _____ (Webshots ) C:\Documents and Settings\Moses\My Documents\wallscreen-latest.exe 2013-09-28 01:06 - 2009-05-18 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogiShrd 2013-09-28 01:06 - 2007-12-21 06:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech 2013-09-28 01:06 - 2007-12-21 06:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-09-28 01:05 - 2011-07-19 23:03 - 00014715 _____ C:\WINDOWS\LDPINST.LOG 2013-09-27 15:58 - 2008-04-26 15:35 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-09-26 15:29 - 2011-04-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2511455$ 2013-09-26 15:27 - 2013-09-13 20:13 - 00000000 ____D C:\Program Files\wrapper_inst 2013-09-26 14:17 - 2010-11-18 11:05 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110049081-3069564722-2619245935-1005.job 2013-09-25 23:54 - 2011-02-14 00:01 - 00105386 _____ C:\WINDOWS\wmsetup.log 2013-09-25 00:59 - 2013-09-13 15:39 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\RECIPIES 2013-09-25 00:41 - 2013-09-24 19:42 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Smoothie and Juice 2013-09-23 21:37 - 2009-04-20 03:08 - 00000703 _____ C:\WINDOWS\NewsRover.INI 2013-09-23 21:29 - 2009-03-22 00:40 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\New Folder 2013-09-23 15:27 - 2013-09-23 15:27 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Chili 'Pie'.wps 2013-09-22 17:04 - 2008-01-05 00:16 - 00073728 _____ C:\Documents and Settings\Moses\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-22 10:09 - 2007-12-21 06:38 - 00122984 _____ C:\Documents and Settings\Administrator\Local Settings\Application 
Data\GDIPFONTCACHEV1.DAT 2013-09-22 10:09 - 2004-08-11 18:06 - 00415064 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-22 02:20 - 2013-09-21 23:08 - 00000290 _____ C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job 2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf 2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse 2013-09-21 23:08 - 2011-03-01 10:45 - 00005356 _____ C:\WINDOWS\setupact.log 2013-09-21 23:08 - 2007-12-21 05:33 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups 2013-09-21 23:07 - 2013-09-21 23:07 - 00004259 _____ C:\WINDOWS\Wdf01009Inst.log 2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2013-09-21 23:07 - 2011-03-01 10:45 - 00803126 _____ C:\WINDOWS\iis6.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00739094 _____ C:\WINDOWS\FaxSetup.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00354720 _____ C:\WINDOWS\ocgen.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00338535 _____ C:\WINDOWS\tsoc.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00247818 _____ C:\WINDOWS\comsetup.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00226918 _____ C:\WINDOWS\msmqinst.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00150043 _____ C:\WINDOWS\ntdtcsetup.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00129960 _____ C:\WINDOWS\netfxocm.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00051000 _____ C:\WINDOWS\MedCtrOC.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00041040 _____ C:\WINDOWS\ocmsn.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00037320 _____ C:\WINDOWS\tabletoc.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00037080 _____ C:\WINDOWS\msgsocm.log 2013-09-21 23:07 - 2011-03-01 10:45 - 00001374 _____ 
C:\WINDOWS\imsins.log 2013-09-21 23:06 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint 2013-09-21 15:58 - 2008-01-28 17:47 - 00000000 ____D C:\Documents and Settings\Moses\Desktop\Folders 2013-09-20 22:20 - 2012-03-10 16:32 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Hoyle Puzzle and Board Games 2013-09-20 09:24 - 2013-09-12 14:12 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Dell 2013-09-19 23:18 - 2010-11-28 22:04 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment 2013-09-19 20:59 - 2009-04-28 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games 2013-09-19 20:48 - 2008-04-15 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts 2013-09-19 20:45 - 2008-04-05 14:26 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Microsoft Games 2013-09-19 20:45 - 2008-01-06 16:53 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\My Games 2013-09-19 20:44 - 2008-02-20 22:43 - 00000000 ____D C:\Program Files\Microsoft Games 2013-09-19 20:42 - 2008-01-04 21:13 - 00000316 ____C C:\WINDOWS\SIERRA.INI 2013-09-19 20:42 - 2008-01-04 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sierra 2013-09-19 20:42 - 2007-12-21 06:14 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-09-19 13:11 - 2008-01-15 00:29 - 00000000 ____D C:\Program Files\yEnc32 2013-09-19 01:15 - 2013-09-19 01:15 - 00019456 _____ C:\Documents and Settings\Moses\Desktop\Slow Cooker Beef Bourguignon.wps 2013-09-18 03:43 - 2004-08-11 18:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-09-18 01:21 - 2008-01-04 00:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB936357$ 2013-09-18 01:20 - 2013-09-16 22:42 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Aryf 2013-09-18 01:10 - 2008-12-30 03:53 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat 2013-09-18 01:03 - 
2013-09-16 22:43 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\tor 2013-09-18 00:34 - 2013-09-18 00:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data 2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\MFAData 2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Avg2014 2013-09-18 00:15 - 2013-09-18 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2013-09-18 00:08 - 2013-09-18 00:09 - 05402832 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe 2013-09-17 23:29 - 2013-09-17 23:29 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\QuickScan 2013-09-17 23:24 - 2013-09-17 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee 2013-09-17 23:00 - 2013-09-16 22:42 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\Xiwie 2013-09-15 23:37 - 2008-01-04 06:45 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\WeatherBug 2013-09-15 14:46 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Vista Games 2013-09-15 14:46 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\Local Settings\Application Data\Microsoft Games 2013-09-15 14:44 - 2013-09-15 14:44 - 00000000 ____D C:\Documents and Settings\Moses\My Documents\Microsoft Games 2013-09-15 14:42 - 2013-09-15 14:42 - 00000000 ____D C:\Program Files\Vista Games 2013-09-15 11:37 - 2013-09-13 19:07 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360 2013-09-15 11:35 - 2013-09-13 19:09 - 00002004 _____ C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK 2013-09-15 11:35 - 2013-09-13 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier Edition 2013-09-15 01:45 - 2013-09-15 01:45 - 04663296 _____ 
C:\Documents and Settings\Moses\My Documents\Little Go Bipe.wps 2013-09-14 17:30 - 2013-09-14 17:30 - 00009728 _____ C:\Documents and Settings\Moses\Desktop\Dell DVD DRIVE.wps 2013-09-14 14:01 - 2008-04-11 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-14 13:58 - 2009-12-10 03:40 - 00000000 ____D C:\Documents and Settings\Moses\Application Data\BatteryBar 2013-09-14 12:55 - 2004-08-11 18:07 - 00604440 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-09-14 12:43 - 2013-09-14 12:43 - 00139192 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-14 12:43 - 2011-03-01 10:45 - 00131654 _____ C:\WINDOWS\updspapi.log 2013-09-14 12:43 - 2011-03-01 10:45 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-09-14 12:39 - 2013-09-13 17:41 - 00146067 _____ C:\WINDOWS\KB2758857.log 2013-09-14 12:38 - 2013-09-14 12:38 - 00132666 _____ C:\WINDOWS\KB2834886.log 2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-09-14 12:38 - 2013-09-14 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$ 2013-09-14 12:28 - 2013-09-14 12:28 - 00129216 _____ C:\WINDOWS\KB2834904-v2.log 2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-09-14 12:28 - 2013-09-14 12:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$ 2013-09-14 12:28 - 2013-09-13 17:36 - 00144768 _____ C:\WINDOWS\KB2802968.log 2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-09-14 12:27 - 2013-09-14 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$ 2013-09-14 12:27 - 2013-09-13 17:34 - 00144909 _____ C:\WINDOWS\KB2780091.log 2013-09-14 12:27 - 2013-09-13 17:34 - 00142115 _____ C:\WINDOWS\KB2845187.log 2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-14 12:25 - 2013-09-14 12:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-14 12:25 - 2013-09-13 17:34 - 00143548 _____ C:\WINDOWS\KB2876315.log 2013-09-14 12:25 - 2013-09-13 17:34 - 
00142066 _____ C:\WINDOWS\KB2876217.log
2013-09-14 12:21 - 2013-09-13 17:30 - 00141543 _____ C:\WINDOWS\KB2864063.log
2013-09-14 12:20 - 2013-09-14 12:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-14 12:13 - 2013-09-14 12:13 - 00131753 _____ C:\WINDOWS\KB2753842-v2.log
2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-09-14 12:13 - 2013-09-14 12:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-09-14 12:13 - 2013-09-13 17:29 - 00141584 _____ C:\WINDOWS\KB2850869.log
2013-09-14 12:13 - 2007-12-21 06:04 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-14 12:03 - 2013-09-13 17:27 - 00142715 _____ C:\WINDOWS\KB2859537.log
2013-09-14 12:02 - 2013-09-14 12:02 - 00130837 _____ C:\WINDOWS\KB2807986.log
2013-09-14 12:02 - 2013-09-14 12:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-09-14 12:01 - 2013-09-14 12:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-09-14 12:01 - 2013-09-13 17:26 - 00142899 _____ C:\WINDOWS\KB2820917.log
2013-09-14 12:00 - 2013-09-14 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2013-09-14 12:00 - 2013-09-13 17:26 - 00142080 _____ C:\WINDOWS\KB2757638.log
2013-09-14 11:59 - 2013-09-14 11:59 - 00130600 _____ C:\WINDOWS\KB2820197.log
2013-09-14 11:59 - 2013-09-14 11:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-09-14 11:59 - 2013-09-13 17:26 - 00142372 _____ C:\WINDOWS\KB2749655.log
2013-09-14 11:58 - 2013-09-14 11:58 - 00127218 _____ C:\WINDOWS\KB2863058.log
2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-14 11:58 - 2013-09-14 11:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-09-14 11:58 - 2007-12-21 06:07 - 00875266 _____ C:\WINDOWS\system32\TZLog.log
2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-09-14 11:56 - 2013-09-14 11:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-09-14 11:56 - 2013-09-13 17:25 - 00140492 _____ C:\WINDOWS\KB2727528.log
2013-09-14 11:44 - 2013-09-14 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-09-14 11:44 - 2013-09-13 17:24 - 00141302 _____ C:\WINDOWS\KB2661254-v2.log
2013-09-14 11:43 - 2013-09-14 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-09-14 11:43 - 2013-09-13 17:23 - 00143370 _____ C:\WINDOWS\KB2813345.log
2013-09-14 11:41 - 2010-06-03 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-09-14 11:31 - 2009-08-08 18:26 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-09-14 11:29 - 2013-09-14 11:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-14 11:10 - 2013-09-14 11:10 - 00013312 _____ C:\Documents and Settings\Moses\Desktop\BofA 09-16-12.wps
2013-09-14 10:36 - 2012-07-01 16:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-14 00:24 - 2008-01-03 18:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-09-14 00:12 - 2013-09-14 00:12 - 00712264 _____ C:\WINDOWS\is-JEM1A.exe
2013-09-14 00:12 - 2013-09-14 00:12 - 00011277 _____ C:\WINDOWS\is-JEM1A.msg
2013-09-14 00:12 - 2013-09-14 00:12 - 00000418 _____ C:\WINDOWS\is-JEM1A.lst
2013-09-14 00:12 - 2012-07-01 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-13 23:04 - 2013-09-13 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kristanix Games
2013-09-13 22:52 - 2013-09-13 22:52 - 00001168 _____ C:\WINDOWS\msvxdll.ini
2013-09-13 22:38 - 2013-09-13 22:38 - 00000000 ____D C:\Program Files\Softgame Company
2013-09-13 22:20 - 2004-08-11 18:00 - 00000580 _____ C:\WINDOWS\win.ini
2013-09-13 19:14 - 2013-09-13 19:14 - 00000000 ____D C:\5e6da590d1206310ac5c8b68b22f43
2013-09-13 19:11 - 2010-03-10 20:41 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Norton
2013-09-13 19:09 - 2012-02-01 18:43 - 00141944 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-09-13 19:09 - 2012-02-01 18:43 - 00060872 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL
2013-09-13 19:09 - 2012-02-01 18:43 - 00007468 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2013-09-13 19:09 - 2012-02-01 18:43 - 00000000 ____D C:\Program Files\Symantec
2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\Program Files\Norton 360 Premier Edition
2013-09-13 19:06 - 2013-09-13 18:53 - 00000779 _____ C:\Documents and Settings\Moses\Desktop\Norton Installation Files.lnk
2013-09-13 18:39 - 2009-12-10 03:40 - 00000000 ____D C:\Program Files\BatteryBar
2013-09-13 16:24 - 2013-09-13 16:23 - 00000000 ____D C:\Program Files\QuickTime
2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2013-09-13 16:23 - 2013-09-13 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-09-13 15:36 - 2011-06-16 16:02 - 00002377 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-13 15:36 - 2007-12-21 06:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 14:50 - 2008-01-06 22:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-12 14:45 - 2013-09-12 13:56 - 00000000 ____D C:\WINDOWS\nview
2013-09-12 14:45 - 2004-08-11 18:02 - 00000000 ____D C:\WINDOWS\Help
2013-09-12 14:22 - 2004-08-11 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-12 14:21 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-12 14:21 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-12 14:21 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\Registration
2013-09-12 14:14 - 2013-09-12 14:04 - 00000000 ____D C:\WINDOWS\NV59845980.TMP
2013-09-12 14:14 - 2013-09-12 13:56 - 00000000 ____D C:\WINDOWS\NV27966000.TMP
2013-09-12 14:12 - 2013-09-12 13:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-12 13:34 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2013-09-12 13:34 - 2013-09-12 13:30 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2013-09-12 13:30 - 2013-09-12 13:30 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2013-09-12 13:30 - 2013-09-12 13:30 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk
2013-09-12 13:14 - 2009-01-06 03:30 - 00000000 ____D C:\NVIDIA
2013-09-12 13:05 - 2013-09-12 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA
2013-09-12 11:37 - 2013-09-12 11:36 - 00008628 ____H C:\WINDOWS\system32\SafeGuard20.GID
2013-09-12 11:18 - 2013-09-12 11:18 - 00000000 _____ C:\WINDOWS\SafeGuard20.INI
2013-09-10 15:57 - 2012-05-03 19:54 - 00000000 ____D C:\Documents and Settings\Moses\Start Menu\Programs\Google Chrome
2013-09-04 12:48 - 2013-09-04 12:48 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-09-04 12:47 - 2013-09-04 12:47 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll
2013-09-04 12:44 - 2013-09-04 12:44 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
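The "Bamital & volsnap Check" at the end of the FRST log above reports "MD5 is legit" for explorer.exe, winlogon.exe, svchost.exe and the other file-infector targets. The example below is an added illustration of the idea behind that check, not code from the post, from FRST or from Malwarebytes: hash each critical binary and compare it with a baseline recorded from a known-clean install of the same build and patch level. Every file name, file content and hash in it is constructed for the demonstration; the `check_baseline` and `demo` helpers are hypothetical names, not any tool's API.

```python
"""Verify critical system binaries against a trusted hash baseline.

Added example (not part of the forum post, FRST or Malwarebytes). It shows the
logic behind a "MD5 is legit" style check: hash the file on disk and compare
it with a baseline taken from a known-clean system. All paths, contents and
hashes below are constructed for the demo and written to a temp directory.
"""
import hashlib
import os
import tempfile

# FRST used MD5. MD5 is collision-prone, so a baseline you build yourself
# should use SHA-256; the comparison logic is identical.
ALGORITHM = "sha256"


def file_digest(path, algorithm=ALGORITHM, chunk_size=1 << 16):
    """Stream the file through the hash so large binaries are not read into RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_baseline(baseline, root):
    """Compare files under `root` with `baseline` ({relative path: hexdigest}).

    Returns {relative path: "legit" | "MISMATCH" | "MISSING"}. MISMATCH on a
    file-infector target such as winlogon.exe is the condition this kind of
    check exists to catch; MISSING usually means a wrong baseline or a file
    that has already been quarantined.
    """
    results = {}
    for rel_path, expected in baseline.items():
        full = os.path.join(root, rel_path)
        if not os.path.isfile(full):
            results[rel_path] = "MISSING"
            continue
        actual = file_digest(full)
        # Hex digests are compared case-insensitively; baselines differ in case.
        results[rel_path] = "legit" if actual.lower() == expected.lower() else "MISMATCH"
    return results


def demo():
    """Build a constructed 'system' tree, tamper with one file, run the check."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    clean = {  # constructed stand-ins for the real binaries
        "explorer.exe": b"MZ clean explorer image (constructed)",
        "System32/winlogon.exe": b"MZ clean winlogon image (constructed)",
        "System32/Drivers/volsnap.sys": b"MZ clean volsnap image (constructed)",
    }
    baseline = {}
    for rel, data in clean.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        baseline[rel] = hashlib.new(ALGORITHM, data).hexdigest()
    # The baseline also lists a file this box lacks, and winlogon.exe gets
    # a constructed payload appended, the way a file infector would patch it.
    baseline["System32/userinit.exe"] = hashlib.new(ALGORITHM, b"MZ clean userinit").hexdigest()
    with open(os.path.join(root, "System32/winlogon.exe"), "ab") as fh:
        fh.write(b"\x90\x90 appended payload stub (constructed)")
    return check_baseline(baseline, root)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{path} => {status}")
```

Two caveats that apply to FRST's check as much as to this sketch. The baseline has to come from somewhere the malware could not touch (install media, a vendor catalog, a clean reference machine), since hashes recorded on the suspect machine prove nothing. And a check that reads files through the normal file API trusts the kernel to return the real bytes; a rootkit hooking file I/O can hand back the clean image, which is why the anti-rootkit tools in this thread also read the disk below the filesystem.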
11. I ran ComboFix and it went all the way through and restarted to my normal desktop, with the blue box telling me it was preparing a log, and afterwards there is still no log. I really appreciate you taking your time to assist me. Maybe I have been doing something wrong, or is it just a bad infection? There was a balloon popup in the lower right corner of my toolbar saying "pev,3xe-corrupt file" and "c:\\windows\prefetch\ CCSVCHST.EXE-2237-2237FED6.PF Corrupt and unreadable Run chkdsk utility". Thank you, Roger
12. I ran ComboFix, got the Microsoft program and it installed it; then this window came up and it went no further, and it has been over an hour. It did say earlier that c:\\windows\system32\nview.dll was trying to keep ComboFix from running.
13. Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.07.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moses :: SHUTTLE [administrator]

10/2/2013 7:37:27 PM
mbar-log-2013-10-02 (19-37-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 256728
Time elapsed: 42 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 1839525888

Downloaded database version: v2013.10.02.01
Downloaded database version: v2013.09.30.01
Initializing...
====================== ------------ Kernel report ------------ 10/01/2013 21:11:01 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys SYMDS.SYS sr.sys SYMEFA.SYS DRVMCDB.SYS PxHelp20.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS Mup.sys \SystemRoot\system32\DRIVERS\nic1394.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl5.sys \SystemRoot\system32\DRIVERS\physX32.sys \SystemRoot\system32\DRIVERS\b57xp32.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\btkrnl.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys 
\SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\drivers\btaudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\sthda.sys \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys \SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS \SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS \SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.004\NAVEX15.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.004\NAVENG.SYS \SystemRoot\System32\Drivers\btwusb.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\WDFLDR.SYS \SystemRoot\system32\DRIVERS\Wdf01000.sys \SystemRoot\system32\DRIVERS\point32.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\System32\Drivers\Cdr4_xp.SYS \SystemRoot\System32\Drivers\Cdralw2k.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS 
\SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\arp1394.sys \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130928.002\IDSxpx86.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResM.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS 
\SystemRoot\System32\DLA\DLABMFSM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\Program Files\Broadcom\BACS\BASFND.sys \??\C:\WINDOWS\system32\drivers\btserial.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\DRIVERS\ipfltdrv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aeb8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8af65030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aeba908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aeb8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af65030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!

Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 1647173632

Downloaded database version: v2013.10.02.01
Downloaded database version: v2013.09.30.01
Initializing...
=======================================

------------ Kernel report ------------
10/01/2013 22:48:58
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys SYMDS.SYS sr.sys SYMEFA.SYS DRVMCDB.SYS PxHelp20.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS Mup.sys \SystemRoot\system32\DRIVERS\nic1394.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl5.sys \SystemRoot\system32\DRIVERS\physX32.sys \SystemRoot\system32\DRIVERS\b57xp32.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\btkrnl.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\drivers\btaudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\sthda.sys \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys \SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS \SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS \SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.017\NAVEX15.SYS \??\C:\Documents and Settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131001.017\NAVENG.SYS \SystemRoot\System32\Drivers\btwusb.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\WDFLDR.SYS \SystemRoot\system32\DRIVERS\Wdf01000.sys \SystemRoot\system32\DRIVERS\point32.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\System32\Drivers\Cdr4_xp.SYS \SystemRoot\System32\Drivers\Cdralw2k.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\arp1394.sys \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \??\C:\Documents and Settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResM.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS \SystemRoot\System32\DLA\DLABMFSM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\Program Files\Broadcom\BACS\BASFND.sys \??\C:\WINDOWS\system32\drivers\btserial.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\DRIVERS\ipfltdrv.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! 
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a9c0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8af66030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a9c0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af578f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a9c0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af66030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!

Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
Scan Interrupted
Scan was aborted.
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2126794752

Initializing...
======================

------------ Kernel report ------------
10/02/2013 17:01:34
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys SYMDS.SYS sr.sys SYMEFA.SYS DRVMCDB.SYS PxHelp20.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS Mup.sys \SystemRoot\system32\DRIVERS\nic1394.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl5.sys \SystemRoot\system32\DRIVERS\physX32.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Cdr4_xp.SYS
\SystemRoot\System32\Drivers\Cdralw2k.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\Program Files\Broadcom\BACS\BASFND.sys
\??\C:\WINDOWS\system32\drivers\btserial.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVENG.SYS
\SystemRoot\system32\DRIVERS\b57xp32.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aebd030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8af50030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af6c8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aebd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af50030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2232762368

Initializing...
======================
------------ Kernel report ------------
10/02/2013 17:41:55
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\physX32.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys
\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Cdr4_xp.SYS
\SystemRoot\System32\Drivers\Cdralw2k.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\Program Files\Broadcom\BACS\BASFND.sys
\??\C:\WINDOWS\system32\drivers\btserial.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8afd25a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8af4f030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aeb3908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8afd25a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af4f030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2608160768
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2236424192
=======================================
Initializing...
------------ Kernel report ------------
10/02/2013 18:43:29
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\physX32.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SRTSP.SYS
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20131002.003\NAVENG.SYS
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Cdr4_xp.SYS
\SystemRoot\System32\Drivers\Cdralw2k.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\Program Files\Broadcom\BACS\BASFND.sys
\??\C:\WINDOWS\system32\drivers\btserial.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af61030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a9c1030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8afb8198, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af61030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a9c1030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3219116032, free: 2653536256
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3219116032, free: 2185707520
Host not found
=======================================
Initializing...
------------ Kernel report ------------
10/02/2013 19:37:04
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\physX32.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\0604010.00E\ccSetx86.sys
\SystemRoot\system32\drivers\N360\0604010.00E\Ironx86.SYS
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Cdr4_xp.SYS
\SystemRoot\System32\Drivers\Cdralw2k.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20131001.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\N360\0604010.00E\SRTSPX.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130924.001\BHDrvx86.sys
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\Program Files\Broadcom\BACS\BASFND.sys
\??\C:\WINDOWS\system32\drivers\btserial.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af63030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a9c0030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af6b908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af63030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a9c0030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_M1730.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 160650  Numsec = 378812700
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 378973350  Numsec = 5237190

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 384210540  Numsec = 6506325

Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\housecalllauncher.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3219116032, free: 2610515968
=======================================
  14. The first time I ran MBAR there were the original 4 hijack files and another one. The second time I ran it there were the 4 hijack files again. Should I run MBAR again?