Jump to content

neicey145

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

 Content Type 

Everything posted by neicey145

  1. neicey145
    Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7940 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/14/2011 1:38:19 PM mbam-log-2011-10-14 (13-38-19).txt Scan type: Quick scan Objects scanned: 206895 Time elapsed: 22 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The computer will run fine for a while. The problem occurs if I leave it sitting idle for too long, it becomes non responsive when I try to click on something.
  2. neicey145
    Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7940 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/13/2011 8:00:26 PM mbam-log-2011-10-13 (20-00-26).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 363760 Time elapsed: 4 hour(s), 32 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 37 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\WINDOWS\system32\localservice32 (Trojan.Tracur) -> Quarantined and deleted successfully. Files Infected: c:\program files\9EA86\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\program files\internet explorer\52C0\695.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\qoobox\quarantine\c\documents and settings\all users\application data\nd17714jfdeh17714\nd17714jfdeh17714.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\qoobox\quarantine\c\documents and settings\hp_administrator\application data\conhost.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\documents and settings\networkservice\application data\Remote\czn3.dll.vir (Spyware.Password) -> Quarantined and deleted successfully. c:\qoobox\quarantine\c\documents and settings\networkservice\local settings\application data\microsoft\nvvsvc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully. c:\qoobox\quarantine\c\program files\internet explorer\lvvm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1\A0005045.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1\A0005052.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp1\a0005205.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0009255.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0009231.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2\A0010555.dll (Spyware.Password) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010545.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010554.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2\A0010556.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010558.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0011590.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\start menu\programs\startup\apnae.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\default user\start menu\programs\startup\muedmy.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\form.txt (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\root.pfx (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\spc.pfx (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\48.music.mp3.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\49.music.snd.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\50.crack.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\50.crack.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\51.keygen.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\51.keygen.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\52.keymaker.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\52.keymaker.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\53.serial.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\53.serial.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\54.setup.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\54.setup.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\55.unpack.zip (Trojan.Tracur) -> Quarantined and deleted successfully. c:\WINDOWS\system32\localservice32\55.unpack.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully. Now that my internet is connecting on normal mode, I haven't noticed anything other problems.
  3. neicey145
    Yes it found somethings? Do you want me to post the log?
  4. neicey145
    After I deleted the AVG folder I was able to connect in Normal mode. I'm also able to run Malwarebytes now. Does this mean my system is clean now or is there something else I have to do next? I really appreciate you for taking time out to help me.
  5. neicey145
    I removed the Norton 360, no change. The reason I had both was because my Norton Subscrition ended and I wanted to try the AVG before I decided if I wanted to pay for a new subscription. When I ran the combofix the first time, I was having problems disabling AVG. I then tried removing it, it's not showing up in the add/remove list anymore, but the icon is still on my desktop. When you open it, it says no active components. When I try to uninstall it from the start menu it gave me an access denied error.
  6. neicey145
    ComboFix 11-10-12.04 - HP_Administrator 10/12/2011 18:23:18.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.348 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 ))))))))))))))))))))))))))))))) . . 2011-10-12 06:52 . 2011-10-12 06:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2011-10-12 03:43 . 2011-10-12 03:43 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2011-10-11 22:01 . 2011-10-11 22:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert 2011-10-11 21:35 . 2011-10-11 21:57 -------- d-----w- c:\program files\9EA86 2011-10-10 03:37 . 2011-10-10 03:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-10-10 03:37 . 2011-10-10 03:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo! 2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-10-07 10:00 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-07 10:00 . 2011-10-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-07 10:00 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-07 08:59 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll 2011-10-07 08:59 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll 2011-10-07 08:59 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll 2011-10-07 08:59 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll 2011-10-07 08:58 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-10-07 08:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-10-07 08:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-10-07 08:57 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-10-07 08:57 . 2011-10-07 09:09 -------- d-----w- c:\program files\Spyware Doctor2 2011-10-07 08:57 . 2011-10-07 09:00 -------- d-----w- c:\program files\Common Files\PC Tools 2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools 2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-10-07 04:17 . 2011-10-07 04:17 -------- d-----w- C:\!KillBox 2011-10-06 02:57 . 2011-10-06 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-10-06 02:57 . 2011-10-06 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-10-06 02:45 . 2011-10-06 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft 2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-10-04 23:55 . 2011-10-04 23:55 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp 2011-10-04 20:05 . 2011-10-04 20:05 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-19 17:16 . 2011-09-19 17:16 -------- d-----w- c:\program files\iPod 2011-09-19 17:15 . 2011-09-19 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-09-19 17:02 . 2011-09-19 17:02 -------- d-----w- c:\program files\Bonjour . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-12 17:39 . 2004-08-03 21:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-08-25 20:03 . 2011-08-03 05:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-02 22:28 . 2010-10-04 13:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-08-02 22:28 . 2010-10-04 13:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-07-15 13:29 . 2004-08-10 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2007-08-29 00:44 . 2007-08-29 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-10-11_23.20.15 ))))))))))))))))))))))))))))))))))))))))) . + 2011-10-12 23:17 . 2011-10-12 23:17 16384 c:\windows\Temp\Perflib_Perfdata_350.dat + 2009-03-22 17:18 . 2011-10-12 07:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2009-03-22 17:18 . 2011-10-11 21:31 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ apnae.exe [2011-10-9 204288] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-07 05:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2011 3:57 AM 207280] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [8/2/2011 5:27 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [8/2/2011 5:27 PM 744568] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:52 PM 810616] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [8/2/2011 5:27 PM 136312] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor2\BDT\BDTUpdateService.exe [10/7/2011 3:59 AM 112592] S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [8/2/2011 5:27 PM 130008] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSXpx86.sys [7/1/2011 10:27 PM 355256] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor2\pctsAuxs.exe [10/7/2011 3:57 AM 358600] S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560] S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: att.net Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com\clientapps Trusted Zone: trymedia.com TCP: DhcpNameServer = 192.168.1.254 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab . - - - - ORPHANS REMOVED - - - - . HKLM-Run-695.exe - c:\program files\Internet Explorer\52C0\695.exe SafeBoot-78284782.sys AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware3\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-12 18:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\Ati2evxx.dll c:\windows\system32\midimap.dll . - - - - - - - > 'explorer.exe'(2044) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-10-12 18:53:36 ComboFix-quarantined-files.txt 2011-10-12 23:53 ComboFix2.txt 2011-10-11 23:37 . Pre-Run: 112,747,286,528 bytes free Post-Run: 113,426,436,096 bytes free . - - End Of File - - 160E63DE9952133F8BDBC14D815EAABA
  7. neicey145
    Yes
  8. neicey145
    17:39:29.0953 0404 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54 17:39:30.0296 0404 ============================================================ 17:39:30.0296 0404 Current date / time: 2011/10/12 17:39:30.0296 17:39:30.0296 0404 SystemInfo: 17:39:30.0296 0404 17:39:30.0296 0404 OS Version: 5.1.2600 ServicePack: 3.0 17:39:30.0296 0404 Product type: Workstation 17:39:30.0296 0404 ComputerName: NEICEY 17:39:30.0296 0404 UserName: HP_Administrator 17:39:30.0296 0404 Windows directory: C:\WINDOWS 17:39:30.0296 0404 System windows directory: C:\WINDOWS 17:39:30.0296 0404 Processor architecture: Intel x86 17:39:30.0296 0404 Number of processors: 1 17:39:30.0296 0404 Page size: 0x1000 17:39:30.0296 0404 Boot type: Safe boot with network 17:39:30.0296 0404 ============================================================ 17:39:32.0312 0404 Initialize success 17:39:36.0359 0248 ============================================================ 17:39:36.0359 0248 Scan started 17:39:36.0359 0248 Mode: Manual; 17:39:36.0359 0248 ============================================================ 17:39:38.0359 0248 Abiosdsk - ok 17:39:38.0453 0248 abp480n5 - ok 17:39:38.0640 0248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:39:38.0703 0248 ACPI - ok 17:39:38.0921 0248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 17:39:38.0921 0248 ACPIEC - ok 17:39:38.0984 0248 adpu160m - ok 17:39:39.0078 0248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 17:39:39.0078 0248 aec - ok 17:39:39.0203 0248 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 17:39:39.0218 0248 AFD - ok 17:39:39.0312 0248 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 17:39:39.0359 0248 AgereSoftModem - ok 17:39:39.0562 0248 Aha154x - ok 17:39:39.0734 0248 aic78u2 - ok 17:39:39.0796 0248 aic78xx - ok 17:39:39.0984 0248 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 17:39:40.0093 0248 ALCXWDM - ok 17:39:40.0187 0248 AliIde - ok 17:39:40.0312 0248 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:39:40.0312 0248 AmdK8 - ok 17:39:40.0515 0248 amsint - ok 17:39:40.0765 0248 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys 17:39:40.0765 0248 aracpi - ok 17:39:40.0828 0248 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 17:39:40.0828 0248 arhidfltr - ok 17:39:40.0937 0248 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 17:39:40.0937 0248 arkbcfltr - ok 17:39:41.0062 0248 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 17:39:41.0062 0248 armoucfltr - ok 17:39:41.0171 0248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 17:39:41.0171 0248 Arp1394 - ok 17:39:41.0234 0248 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys 17:39:41.0234 0248 ARPolicy - ok 17:39:41.0312 0248 asc - ok 17:39:41.0468 0248 asc3350p - ok 17:39:41.0546 0248 asc3550 - ok 17:39:41.0796 0248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:39:41.0796 0248 AsyncMac - ok 17:39:41.0953 0248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:39:41.0953 0248 atapi - ok 17:39:42.0015 0248 Atdisk - ok 17:39:42.0140 0248 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:39:42.0171 0248 ati2mtag - ok 17:39:42.0343 0248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:39:42.0359 0248 Atmarpc - ok 17:39:42.0531 0248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:39:42.0531 0248 audstub - ok 17:39:42.0703 0248 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 17:39:42.0703 0248 AVGIDSDriver - ok 17:39:42.0828 0248 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 17:39:42.0828 0248 AVGIDSEH - ok 17:39:42.0984 0248 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 17:39:43.0000 0248 AVGIDSFilter - ok 17:39:43.0078 0248 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 17:39:43.0078 0248 AVGIDSShim - ok 17:39:43.0265 0248 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 17:39:43.0281 0248 Avgldx86 - ok 17:39:43.0343 0248 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 17:39:43.0343 0248 Avgmfx86 - ok 17:39:43.0531 0248 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 17:39:43.0531 0248 Avgrkx86 - ok 17:39:43.0625 0248 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 17:39:43.0625 0248 Avgtdix - ok 17:39:43.0734 0248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:39:43.0734 0248 Beep - ok 17:39:43.0953 0248 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys 17:39:44.0031 0248 BHDrvx86 - ok 17:39:44.0140 0248 catchme - ok 17:39:44.0328 0248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:39:44.0328 0248 cbidf2k - ok 17:39:44.0406 0248 cd20xrnt - ok 17:39:44.0484 0248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:39:44.0484 0248 Cdaudio - ok 17:39:44.0609 0248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:39:44.0625 0248 Cdfs - ok 17:39:44.0781 0248 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:39:44.0781 0248 Cdrom - ok 17:39:44.0953 0248 Changer - ok 17:39:45.0093 0248 CmdIde - ok 17:39:45.0312 0248 Cpqarray - ok 17:39:45.0390 0248 dac2w2k - ok 17:39:45.0468 0248 dac960nt - ok 17:39:45.0640 0248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:39:45.0640 0248 Disk - ok 17:39:45.0953 0248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 17:39:46.0046 0248 dmboot - ok 17:39:46.0281 0248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 17:39:46.0281 0248 dmio - ok 17:39:46.0375 0248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:39:46.0375 0248 dmload - ok 17:39:46.0578 0248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:39:46.0578 0248 DMusic - ok 17:39:46.0734 0248 dpti2o - ok 17:39:46.0812 0248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:39:46.0812 0248 drmkaud - ok 17:39:47.0046 0248 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 17:39:47.0062 0248 eeCtrl - ok 17:39:47.0359 0248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:39:47.0375 0248 Fastfat - ok 17:39:47.0500 0248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 17:39:47.0500 0248 Fdc - ok 17:39:47.0578 0248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 17:39:47.0578 0248 Fips - ok 17:39:47.0687 0248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 17:39:47.0703 0248 Flpydisk - ok 17:39:48.0015 0248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 17:39:48.0046 0248 FltMgr - ok 17:39:48.0296 0248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:39:48.0296 0248 Fs_Rec - ok 17:39:48.0375 0248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:39:48.0406 0248 Ftdisk - ok 17:39:48.0546 0248 ftsata2 - ok 17:39:48.0796 0248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 17:39:48.0796 0248 GEARAspiWDM - ok 17:39:48.0937 0248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:39:48.0937 0248 Gpc - ok 17:39:49.0218 0248 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:39:49.0218 0248 HidUsb - ok 17:39:49.0375 0248 hpn - ok 17:39:49.0578 0248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 17:39:49.0593 0248 HTTP - ok 17:39:49.0718 0248 i2omgmt - ok 17:39:49.0781 0248 i2omp - ok 17:39:49.0906 0248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:39:49.0906 0248 i8042prt - ok 17:39:50.0046 0248 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys 17:39:50.0093 0248 iaStor - ok 17:39:50.0375 0248 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSxpx86.sys 17:39:50.0390 0248 IDSxpx86 - ok 17:39:50.0671 0248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:39:50.0671 0248 Imapi - ok 17:39:50.0765 0248 ini910u - ok 17:39:50.0906 0248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 17:39:50.0906 0248 IntelIde - ok 17:39:51.0156 0248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:39:51.0156 0248 intelppm - ok 17:39:51.0250 0248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 17:39:51.0250 0248 Ip6Fw - ok 17:39:51.0328 0248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:39:51.0328 0248 IpFilterDriver - ok 17:39:51.0468 0248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:39:51.0468 0248 IpInIp - ok 17:39:51.0718 0248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:39:51.0718 0248 IpNat - ok 17:39:51.0859 0248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:39:51.0859 0248 IPSec - ok 17:39:51.0984 0248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:39:51.0984 0248 IRENUM - ok 17:39:52.0218 0248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:39:52.0218 0248 isapnp - ok 17:39:52.0406 0248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:39:52.0406 0248 Kbdclass - ok 17:39:52.0500 0248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:39:52.0500 0248 kbdhid - ok 17:39:52.0750 0248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 17:39:52.0828 0248 kmixer - ok 17:39:52.0953 0248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 17:39:52.0953 0248 KSecDD - ok 17:39:53.0171 0248 lbrtfdc - ok 17:39:53.0500 0248 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys 17:39:53.0500 0248 MCSTRM - ok 17:39:53.0656 0248 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 17:39:53.0656 0248 MHNDRV - ok 17:39:53.0734 0248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:39:53.0734 0248 mnmdd - ok 17:39:53.0953 0248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 17:39:53.0953 0248 Modem - ok 17:39:54.0031 0248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:39:54.0031 0248 Mouclass - ok 17:39:54.0109 0248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:39:54.0109 0248 MountMgr - ok 17:39:54.0187 0248 mraid35x - ok 17:39:54.0375 0248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:39:54.0375 0248 MRxDAV - ok 17:39:54.0531 0248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:39:54.0562 0248 MRxSmb - ok 17:39:54.0859 0248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:39:54.0859 0248 Msfs - ok 17:39:54.0984 0248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:39:54.0984 0248 MSKSSRV - ok 17:39:55.0093 0248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:39:55.0093 0248 MSPCLOCK - ok 17:39:55.0281 0248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:39:55.0281 0248 MSPQM - ok 17:39:55.0437 0248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:39:55.0437 0248 mssmbios - ok 17:39:55.0593 0248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 17:39:55.0593 0248 Mup - ok 17:39:55.0890 0248 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVENG.SYS 17:39:55.0906 0248 NAVENG - ok 17:39:56.0046 0248 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVEX15.SYS 17:39:56.0109 0248 NAVEX15 - ok 17:39:56.0328 0248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:39:56.0343 0248 NDIS - ok 17:39:56.0453 0248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:39:56.0453 0248 NdisTapi - ok 17:39:56.0531 0248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:39:56.0531 0248 Ndisuio - ok 17:39:56.0687 0248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:39:56.0703 0248 NdisWan - ok 17:39:56.0937 0248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 17:39:56.0937 0248 NDProxy - ok 17:39:57.0062 0248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:39:57.0062 0248 NetBIOS - ok 17:39:57.0171 0248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:39:57.0171 0248 NetBT - ok 17:39:57.0468 0248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:39:57.0500 0248 NIC1394 - ok 17:39:57.0687 0248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:39:57.0687 0248 Npfs - ok 17:39:57.0765 0248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:39:57.0796 0248 Ntfs - ok 17:39:58.0031 0248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:39:58.0031 0248 Null - ok 17:39:58.0093 0248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:39:58.0093 0248 NwlnkFlt - ok 17:39:58.0171 0248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:39:58.0171 0248 NwlnkFwd - ok 17:39:58.0265 0248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:39:58.0281 0248 ohci1394 - ok 17:39:58.0546 0248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 17:39:58.0562 0248 Parport - ok 17:39:58.0625 0248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:39:58.0625 0248 PartMgr - ok 17:39:58.0875 0248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 17:39:58.0875 0248 ParVdm - ok 17:39:59.0062 0248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 17:39:59.0062 0248 PCI - ok 17:39:59.0140 0248 PCIDump - ok 17:39:59.0218 0248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:39:59.0218 0248 PCIIde - ok 17:39:59.0328 0248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:39:59.0328 0248 Pcmcia - ok 17:39:59.0500 0248 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys 17:39:59.0515 0248 PCTCore - ok 17:39:59.0828 0248 PDCOMP - ok 17:39:59.0968 0248 PDFRAME - ok 17:40:00.0078 0248 PDRELI - ok 17:40:00.0156 0248 PDRFRAME - ok 17:40:00.0234 0248 perc2 - ok 17:40:00.0281 0248 perc2hib - ok 17:40:00.0484 0248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:40:00.0484 0248 PptpMiniport - ok 17:40:00.0718 0248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 17:40:00.0718 0248 Processor - ok 17:40:01.0031 0248 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys 17:40:01.0031 0248 Ps2 - ok 17:40:01.0234 0248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:40:01.0250 0248 PSched - ok 17:40:01.0375 0248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:40:01.0390 0248 Ptilink - ok 17:40:01.0468 0248 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:40:01.0468 0248 PxHelp20 - ok 17:40:01.0531 0248 ql1080 - ok 17:40:01.0593 0248 Ql10wnt - ok 17:40:01.0703 0248 ql12160 - ok 17:40:01.0765 0248 ql1240 - ok 17:40:01.0843 0248 ql1280 - ok 17:40:01.0906 0248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:40:01.0906 0248 RasAcd - ok 17:40:02.0109 0248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:40:02.0109 0248 Rasl2tp - ok 17:40:02.0281 0248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:40:02.0296 0248 RasPppoe - ok 17:40:02.0406 0248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:40:02.0406 0248 Raspti - ok 17:40:02.0546 0248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:40:02.0562 0248 Rdbss - ok 17:40:02.0828 0248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:40:02.0828 0248 RDPCDD - ok 17:40:02.0968 0248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:40:02.0984 0248 rdpdr - ok 17:40:03.0109 0248 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 17:40:03.0109 0248 RDPWD - ok 17:40:03.0343 0248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:40:03.0343 0248 redbook - ok 17:40:03.0546 0248 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys 17:40:03.0546 0248 RimUsb - ok 17:40:03.0843 0248 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 17:40:03.0843 0248 RTL8023xp - ok 17:40:03.0906 0248 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 17:40:03.0921 0248 rtl8139 - ok 17:40:04.0265 0248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:40:04.0265 0248 Secdrv - ok 17:40:04.0437 0248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 17:40:04.0437 0248 Serial - ok 17:40:04.0750 0248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:40:04.0750 0248 Sfloppy - ok 17:40:04.0937 0248 Simbad - ok 17:40:05.0078 0248 Sparrow - ok 17:40:05.0187 0248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:40:05.0187 0248 splitter - ok 17:40:05.0437 0248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:40:05.0437 0248 sr - ok 17:40:05.0671 0248 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS 17:40:05.0703 0248 SRTSP - ok 17:40:06.0062 0248 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 17:40:06.0062 0248 SRTSPX - ok 17:40:06.0203 0248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 17:40:06.0218 0248 Srv - ok 17:40:06.0453 0248 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 17:40:06.0453 0248 sscdbus - ok 17:40:06.0546 0248 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 17:40:06.0578 0248 sscdmdfl - ok 17:40:06.0703 0248 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 17:40:06.0703 0248 sscdmdm - ok 17:40:06.0906 0248 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys 17:40:06.0906 0248 sscdserd - ok 17:40:07.0078 0248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:40:07.0078 0248 swenum - ok 17:40:07.0265 0248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:40:07.0265 0248 swmidi - ok 17:40:07.0390 0248 symc810 - ok 17:40:07.0468 0248 symc8xx - ok 17:40:07.0812 0248 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS 17:40:07.0843 0248 SymDS - ok 17:40:07.0968 0248 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS 17:40:08.0000 0248 SymEFA - ok 17:40:08.0140 0248 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 17:40:08.0140 0248 SymEvent - ok 17:40:08.0390 0248 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 17:40:08.0406 0248 SymIRON - ok 17:40:08.0625 0248 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS 17:40:08.0625 0248 SYMTDI - ok 17:40:08.0843 0248 sym_hi - ok 17:40:08.0906 0248 sym_u3 - ok 17:40:09.0031 0248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:40:09.0031 0248 sysaudio - ok 17:40:09.0187 0248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:40:09.0203 0248 Tcpip - ok 17:40:09.0421 0248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:40:09.0421 0248 TDPIPE - ok 17:40:09.0531 0248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:40:09.0531 0248 TDTCP - ok 17:40:09.0687 0248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:40:09.0687 0248 TermDD - ok 17:40:09.0890 0248 TosIde - ok 17:40:10.0015 0248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:40:10.0015 0248 Udfs - ok 17:40:10.0140 0248 ultra - ok 17:40:10.0359 0248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:40:10.0375 0248 Update - ok 17:40:10.0593 0248 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 17:40:10.0609 0248 USBAAPL - ok 17:40:10.0828 0248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:40:10.0843 0248 usbccgp - ok 17:40:11.0031 0248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:40:11.0031 0248 usbehci - ok 17:40:11.0250 0248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:40:11.0250 0248 usbhub - ok 17:40:11.0328 0248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:40:11.0328 0248 usbohci - ok 17:40:11.0453 0248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:40:11.0453 0248 usbprint - ok 17:40:11.0640 0248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:40:11.0640 0248 usbscan - ok 17:40:11.0796 0248 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:40:11.0796 0248 usbstor - ok 17:40:11.0875 0248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:40:11.0875 0248 usbuhci - ok 17:40:12.0000 0248 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 17:40:12.0000 0248 USB_RNDIS - ok 17:40:12.0078 0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:40:12.0078 0248 VgaSave - ok 17:40:12.0312 0248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 17:40:12.0328 0248 ViaIde - ok 17:40:12.0390 0248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 17:40:12.0390 0248 VolSnap - ok 17:40:12.0687 0248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:40:12.0687 0248 Wanarp - ok 17:40:12.0734 0248 WDICA - ok 17:40:12.0812 0248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:40:12.0828 0248 wdmaud - ok 17:40:13.0171 0248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:40:13.0187 0248 WS2IFSL - ok 17:40:13.0328 0248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:40:13.0328 0248 WudfPf - ok 17:40:13.0578 0248 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0 17:40:13.0609 0248 \Device\Harddisk0\DR0 - ok 17:40:13.0640 0248 Boot (0x1200) (da8777a31c786b5bc3c6eb87232c7933) \Device\Harddisk0\DR0\Partition0 17:40:13.0640 0248 \Device\Harddisk0\DR0\Partition0 - ok 17:40:13.0656 0248 Boot (0x1200) (a4035f831e5990842970d183a9bc8356) \Device\Harddisk0\DR0\Partition1 17:40:13.0656 0248 \Device\Harddisk0\DR0\Partition1 - ok 17:40:13.0656 0248 ============================================================ 17:40:13.0656 0248 Scan finished 17:40:13.0656 0248 ============================================================ 17:40:13.0703 1780 Detected object count: 0 17:40:13.0703 1780 Actual detected object count: 0
  9. neicey145
    I just tried to connect to the internet while starting Windows normally, and I still can't. Also, I noticed 695.exe and 46752.exe has started showing up in my task manager. I thought TDDS was going to kill it but it didn't.
  10. neicey145
    12:33:34.0312 2912 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54 12:33:36.0000 2912 ============================================================ 12:33:36.0000 2912 Current date / time: 2011/10/12 12:33:36.0000 12:33:36.0000 2912 SystemInfo: 12:33:36.0000 2912 12:33:36.0000 2912 OS Version: 5.1.2600 ServicePack: 3.0 12:33:36.0000 2912 Product type: Workstation 12:33:36.0000 2912 ComputerName: NEICEY 12:33:36.0000 2912 UserName: HP_Administrator 12:33:36.0000 2912 Windows directory: C:\WINDOWS 12:33:36.0000 2912 System windows directory: C:\WINDOWS 12:33:36.0000 2912 Processor architecture: Intel x86 12:33:36.0000 2912 Number of processors: 1 12:33:36.0000 2912 Page size: 0x1000 12:33:36.0000 2912 Boot type: Safe boot with network 12:33:36.0000 2912 ============================================================ 12:33:40.0468 2912 Initialize success 12:33:47.0750 0420 ============================================================ 12:33:47.0750 0420 Scan started 12:33:47.0750 0420 Mode: Manual; 12:33:47.0750 0420 ============================================================ 12:33:52.0734 0420 Abiosdsk - ok 12:33:52.0828 0420 abp480n5 - ok 12:33:53.0031 0420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:33:53.0046 0420 ACPI - ok 12:33:53.0281 0420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 12:33:53.0281 0420 ACPIEC - ok 12:33:53.0390 0420 adpu160m - ok 12:33:53.0546 0420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 12:33:53.0562 0420 aec - ok 12:33:53.0781 0420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 12:33:53.0781 0420 AFD - ok 12:33:53.0984 0420 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 12:33:54.0093 0420 AgereSoftModem - ok 12:33:54.0187 0420 Aha154x - ok 12:33:54.0281 0420 aic78u2 - ok 12:33:54.0375 0420 aic78xx - ok 12:33:54.0640 0420 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 12:33:54.0750 0420 ALCXWDM - ok 12:33:54.0843 0420 AliIde - ok 12:33:55.0078 0420 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 12:33:55.0078 0420 AmdK8 - ok 12:33:55.0187 0420 amsint - ok 12:33:55.0421 0420 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys 12:33:55.0421 0420 aracpi - ok 12:33:55.0500 0420 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 12:33:55.0500 0420 arhidfltr - ok 12:33:55.0578 0420 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 12:33:55.0578 0420 arkbcfltr - ok 12:33:55.0656 0420 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 12:33:55.0656 0420 armoucfltr - ok 12:33:55.0765 0420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 12:33:55.0781 0420 Arp1394 - ok 12:33:55.0984 0420 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12:33:55.0984 0420 ARPolicy - ok 12:33:56.0078 0420 asc - ok 12:33:56.0187 0420 asc3350p - ok 12:33:56.0250 0420 asc3550 - ok 12:33:56.0531 0420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:33:56.0531 0420 AsyncMac - ok 12:33:56.0625 0420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 12:33:56.0625 0420 atapi - ok 12:33:56.0703 0420 Atdisk - ok 12:33:56.0859 0420 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 12:33:56.0984 0420 ati2mtag - ok 12:33:57.0296 0420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:33:57.0296 0420 Atmarpc - ok 12:33:57.0453 0420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 12:33:57.0453 0420 audstub - ok 12:33:57.0703 0420 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 12:33:57.0718 0420 AVGIDSDriver - ok 12:33:57.0843 0420 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 12:33:57.0843 0420 AVGIDSEH - ok 12:33:58.0031 0420 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 12:33:58.0031 0420 AVGIDSFilter - ok 12:33:58.0265 0420 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12:33:58.0265 0420 AVGIDSShim - ok 12:33:58.0437 0420 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 12:33:58.0453 0420 Avgldx86 - ok 12:33:58.0578 0420 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 12:33:58.0578 0420 Avgmfx86 - ok 12:33:58.0765 0420 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 12:33:58.0765 0420 Avgrkx86 - ok 12:33:58.0953 0420 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 12:33:59.0015 0420 Avgtdix - ok 12:33:59.0187 0420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 12:33:59.0187 0420 Beep - ok 12:33:59.0406 0420 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys 12:33:59.0546 0420 BHDrvx86 - ok 12:33:59.0640 0420 catchme - ok 12:33:59.0828 0420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 12:33:59.0828 0420 cbidf2k - ok 12:33:59.0968 0420 cd20xrnt - ok 12:34:00.0046 0420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 12:34:00.0046 0420 Cdaudio - ok 12:34:00.0171 0420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 12:34:00.0171 0420 Cdfs - ok 12:34:00.0343 0420 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:34:00.0343 0420 Cdrom - ok 12:34:00.0484 0420 Changer - ok 12:34:00.0687 0420 CmdIde - ok 12:34:00.0843 0420 Cpqarray - ok 12:34:00.0953 0420 dac2w2k - ok 12:34:01.0031 0420 dac960nt - ok 12:34:01.0250 0420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 12:34:01.0250 0420 Disk - ok 12:34:01.0515 0420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 12:34:01.0609 0420 dmboot - ok 12:34:01.0734 0420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 12:34:01.0750 0420 dmio - ok 12:34:01.0859 0420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 12:34:01.0859 0420 dmload - ok 12:34:02.0000 0420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 12:34:02.0000 0420 DMusic - ok 12:34:02.0187 0420 dpti2o - ok 12:34:02.0375 0420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 12:34:02.0375 0420 drmkaud - ok 12:34:02.0625 0420 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 12:34:02.0656 0420 eeCtrl - ok 12:34:02.0953 0420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 12:34:02.0968 0420 Fastfat - ok 12:34:03.0109 0420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 12:34:03.0140 0420 Fdc - ok 12:34:03.0218 0420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 12:34:03.0234 0420 Fips - ok 12:34:03.0265 0420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 12:34:03.0281 0420 Flpydisk - ok 12:34:03.0406 0420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 12:34:03.0406 0420 FltMgr - ok 12:34:03.0656 0420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:34:03.0656 0420 Fs_Rec - ok 12:34:03.0734 0420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:34:03.0734 0420 Ftdisk - ok 12:34:03.0796 0420 ftsata2 - ok 12:34:04.0109 0420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 12:34:04.0140 0420 GEARAspiWDM - ok 12:34:04.0359 0420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:34:04.0359 0420 Gpc - ok 12:34:04.0656 0420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:34:04.0656 0420 HidUsb - ok 12:34:04.0828 0420 hpn - ok 12:34:05.0031 0420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 12:34:05.0046 0420 HTTP - ok 12:34:05.0218 0420 i2omgmt - ok 12:34:05.0281 0420 i2omp - ok 12:34:05.0406 0420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:34:05.0406 0420 i8042prt - ok 12:34:05.0562 0420 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys 12:34:05.0609 0420 iaStor - ok 12:34:05.0906 0420 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSxpx86.sys 12:34:05.0953 0420 IDSxpx86 - ok 12:34:06.0234 0420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 12:34:06.0234 0420 Imapi - ok 12:34:06.0328 0420 ini910u - ok 12:34:06.0421 0420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 12:34:06.0421 0420 IntelIde - ok 12:34:06.0671 0420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:34:06.0703 0420 intelppm - ok 12:34:06.0796 0420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 12:34:06.0796 0420 Ip6Fw - ok 12:34:06.0875 0420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:34:06.0890 0420 IpFilterDriver - ok 12:34:07.0031 0420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:34:07.0031 0420 IpInIp - ok 12:34:07.0296 0420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:34:07.0312 0420 IpNat - ok 12:34:07.0500 0420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:34:07.0500 0420 IPSec - ok 12:34:07.0718 0420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 12:34:07.0718 0420 IRENUM - ok 12:34:07.0812 0420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:34:07.0812 0420 isapnp - ok 12:34:08.0062 0420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:34:08.0062 0420 Kbdclass - ok 12:34:08.0281 0420 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:34:08.0281 0420 kbdhid - ok 12:34:08.0375 0420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 12:34:08.0375 0420 kmixer - ok 12:34:08.0562 0420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 12:34:08.0562 0420 KSecDD - ok 12:34:08.0750 0420 lbrtfdc - ok 12:34:09.0046 0420 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys 12:34:09.0046 0420 MCSTRM - ok 12:34:09.0265 0420 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 12:34:09.0265 0420 MHNDRV - ok 12:34:09.0437 0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 12:34:09.0437 0420 mnmdd - ok 12:34:09.0578 0420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 12:34:09.0578 0420 Modem - ok 12:34:09.0796 0420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:34:09.0796 0420 Mouclass - ok 12:34:09.0875 0420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 12:34:09.0875 0420 MountMgr - ok 12:34:10.0140 0420 mraid35x - ok 12:34:10.0234 0420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:34:10.0234 0420 MRxDAV - ok 12:34:10.0453 0420 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:34:10.0468 0420 MRxSmb - ok 12:34:10.0578 0420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 12:34:10.0578 0420 Msfs - ok 12:34:10.0687 0420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:34:10.0687 0420 MSKSSRV - ok 12:34:10.0812 0420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:34:10.0812 0420 MSPCLOCK - ok 12:34:11.0015 0420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 12:34:11.0015 0420 MSPQM - ok 12:34:11.0171 0420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:34:11.0171 0420 mssmbios - ok 12:34:11.0406 0420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 12:34:11.0406 0420 Mup - ok 12:34:11.0687 0420 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVENG.SYS 12:34:11.0687 0420 NAVENG - ok 12:34:11.0843 0420 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVEX15.SYS 12:34:11.0875 0420 NAVEX15 - ok 12:34:12.0187 0420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 12:34:12.0187 0420 NDIS - ok 12:34:12.0296 0420 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:34:12.0296 0420 NdisTapi - ok 12:34:12.0375 0420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:34:12.0375 0420 Ndisuio - ok 12:34:12.0546 0420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:34:12.0546 0420 NdisWan - ok 12:34:12.0671 0420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 12:34:12.0671 0420 NDProxy - ok 12:34:12.0796 0420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 12:34:12.0796 0420 NetBIOS - ok 12:34:13.0046 0420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 12:34:13.0062 0420 NetBT - ok 12:34:13.0265 0420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 12:34:13.0265 0420 NIC1394 - ok 12:34:13.0500 0420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 12:34:13.0500 0420 Npfs - ok 12:34:13.0578 0420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 12:34:13.0593 0420 Ntfs - ok 12:34:13.0687 0420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 12:34:13.0687 0420 Null - ok 12:34:13.0765 0420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:34:13.0765 0420 NwlnkFlt - ok 12:34:14.0015 0420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:34:14.0015 0420 NwlnkFwd - ok 12:34:14.0265 0420 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 12:34:14.0281 0420 ohci1394 - ok 12:34:14.0406 0420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 12:34:14.0406 0420 Parport - ok 12:34:14.0640 0420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 12:34:14.0640 0420 PartMgr - ok 12:34:14.0734 0420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 12:34:14.0734 0420 ParVdm - ok 12:34:14.0828 0420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 12:34:14.0843 0420 PCI - ok 12:34:15.0093 0420 PCIDump - ok 12:34:15.0203 0420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 12:34:15.0203 0420 PCIIde - ok 12:34:15.0296 0420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 12:34:15.0296 0420 Pcmcia - ok 12:34:15.0406 0420 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys 12:34:15.0406 0420 PCTCore - ok 12:34:15.0593 0420 PDCOMP - ok 12:34:15.0687 0420 PDFRAME - ok 12:34:15.0796 0420 PDRELI - ok 12:34:15.0875 0420 PDRFRAME - ok 12:34:15.0984 0420 perc2 - ok 12:34:16.0046 0420 perc2hib - ok 12:34:16.0343 0420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:34:16.0343 0420 PptpMiniport - ok 12:34:16.0500 0420 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 12:34:16.0500 0420 Processor - ok 12:34:16.0671 0420 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys 12:34:16.0671 0420 Ps2 - ok 12:34:16.0906 0420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 12:34:16.0906 0420 PSched - ok 12:34:17.0015 0420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:34:17.0015 0420 Ptilink - ok 12:34:17.0078 0420 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 12:34:17.0078 0420 PxHelp20 - ok 12:34:17.0187 0420 ql1080 - ok 12:34:17.0265 0420 Ql10wnt - ok 12:34:17.0328 0420 ql12160 - ok 12:34:17.0406 0420 ql1240 - ok 12:34:17.0468 0420 ql1280 - ok 12:34:17.0531 0420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:34:17.0546 0420 RasAcd - ok 12:34:17.0609 0420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:34:17.0625 0420 Rasl2tp - ok 12:34:17.0859 0420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:34:17.0859 0420 RasPppoe - ok 12:34:18.0187 0420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 12:34:18.0187 0420 Raspti - ok 12:34:18.0421 0420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:34:18.0437 0420 Rdbss - ok 12:34:18.0500 0420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:34:18.0500 0420 RDPCDD - ok 12:34:18.0687 0420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:34:18.0703 0420 rdpdr - ok 12:34:18.0875 0420 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 12:34:18.0921 0420 RDPWD - ok 12:34:19.0140 0420 redbook (be1c31454204e0f004e1ee8e82d6bb9f) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:34:19.0140 0420 redbook ( Rootkit.Win32.ZAccess.j ) - infected 12:34:19.0140 0420 redbook - detected Rootkit.Win32.ZAccess.j (0) 12:34:19.0359 0420 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys 12:34:19.0359 0420 RimUsb - ok 12:34:19.0625 0420 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 12:34:19.0625 0420 RTL8023xp - ok 12:34:19.0734 0420 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 12:34:19.0750 0420 rtl8139 - ok 12:34:20.0093 0420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:34:20.0125 0420 Secdrv - ok 12:34:20.0328 0420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 12:34:20.0343 0420 Serial - ok 12:34:20.0546 0420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:34:20.0562 0420 Sfloppy - ok 12:34:20.0750 0420 Simbad - ok 12:34:20.0875 0420 Sparrow - ok 12:34:21.0046 0420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:34:21.0046 0420 splitter - ok 12:34:21.0218 0420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:34:21.0234 0420 sr - ok 12:34:21.0531 0420 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS 12:34:21.0562 0420 SRTSP - ok 12:34:21.0718 0420 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 12:34:21.0718 0420 SRTSPX - ok 12:34:22.0000 0420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 12:34:22.0015 0420 Srv - ok 12:34:22.0250 0420 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 12:34:22.0250 0420 sscdbus - ok 12:34:22.0406 0420 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 12:34:22.0406 0420 sscdmdfl - ok 12:34:22.0484 0420 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 12:34:22.0484 0420 sscdmdm - ok 12:34:22.0578 0420 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys 12:34:22.0578 0420 sscdserd - ok 12:34:22.0843 0420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:34:22.0843 0420 swenum - ok 12:34:22.0937 0420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:34:22.0953 0420 swmidi - ok 12:34:23.0078 0420 symc810 - ok 12:34:23.0187 0420 symc8xx - ok 12:34:23.0390 0420 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS 12:34:23.0406 0420 SymDS - ok 12:34:23.0625 0420 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS 12:34:23.0656 0420 SymEFA - ok 12:34:23.0843 0420 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 12:34:23.0843 0420 SymEvent - ok 12:34:24.0140 0420 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 12:34:24.0156 0420 SymIRON - ok 12:34:24.0296 0420 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS 12:34:24.0312 0420 SYMTDI - ok 12:34:24.0531 0420 sym_hi - ok 12:34:24.0609 0420 sym_u3 - ok 12:34:24.0734 0420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:34:24.0734 0420 sysaudio - ok 12:34:25.0015 0420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:34:25.0031 0420 Tcpip - ok 12:34:25.0250 0420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:34:25.0250 0420 TDPIPE - ok 12:34:25.0343 0420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:34:25.0343 0420 TDTCP - ok 12:34:25.0500 0420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:34:25.0500 0420 TermDD - ok 12:34:25.0625 0420 TosIde - ok 12:34:25.0843 0420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:34:25.0843 0420 Udfs - ok 12:34:26.0171 0420 ultra - ok 12:34:26.0375 0420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:34:26.0390 0420 Update - ok 12:34:26.0687 0420 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 12:34:26.0687 0420 USBAAPL - ok 12:34:26.0828 0420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:34:26.0843 0420 usbccgp - ok 12:34:27.0031 0420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:34:27.0031 0420 usbehci - ok 12:34:27.0312 0420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:34:27.0312 0420 usbhub - ok 12:34:27.0437 0420 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 12:34:27.0437 0420 usbohci - ok 12:34:27.0578 0420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:34:27.0578 0420 usbprint - ok 12:34:27.0640 0420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:34:27.0656 0420 usbscan - ok 12:34:27.0765 0420 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:34:27.0765 0420 usbstor - ok 12:34:27.0921 0420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:34:27.0921 0420 usbuhci - ok 12:34:28.0015 0420 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 12:34:28.0015 0420 USB_RNDIS - ok 12:34:28.0078 0420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:34:28.0078 0420 VgaSave - ok 12:34:28.0250 0420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 12:34:28.0250 0420 ViaIde - ok 12:34:28.0359 0420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:34:28.0359 0420 VolSnap - ok 12:34:28.0656 0420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:34:28.0656 0420 Wanarp - ok 12:34:28.0781 0420 WDICA - ok 12:34:28.0859 0420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:34:28.0859 0420 wdmaud - ok 12:34:29.0265 0420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:34:29.0265 0420 WS2IFSL - ok 12:34:29.0500 0420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 12:34:29.0500 0420 WudfPf - ok 12:34:29.0734 0420 MBR (0x1B8) (2adb60a78d6aefd3efeae86ca9cb5e30) \Device\Harddisk0\DR0 12:34:29.0734 0420 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected 12:34:29.0734 0420 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 12:34:29.0750 0420 Boot (0x1200) (da8777a31c786b5bc3c6eb87232c7933) \Device\Harddisk0\DR0\Partition0 12:34:29.0750 0420 \Device\Harddisk0\DR0\Partition0 - ok 12:34:29.0812 0420 Boot (0x1200) (a4035f831e5990842970d183a9bc8356) \Device\Harddisk0\DR0\Partition1 12:34:29.0812 0420 \Device\Harddisk0\DR0\Partition1 - ok 12:34:29.0828 0420 ============================================================ 12:34:29.0828 0420 Scan finished 12:34:29.0828 0420 ============================================================ 12:34:29.0875 2964 Detected object count: 2 12:34:29.0875 2964 Actual detected object count: 2 12:34:49.0437 2964 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813 12:34:58.0375 2964 Backup copy found, using it.. 12:34:58.0421 2964 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot 12:34:58.0421 2964 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure 12:34:58.0500 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot 12:34:58.0500 2964 \Device\Harddisk0\DR0 - ok 12:34:58.0500 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
  11. neicey145
    I had to restart my computer in safe mode because I wasn't able to connect to the internet in normal mode. ComboFix 11-10-11.05 - HP_Administrator 10/11/2011 17:49:26.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.453 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\nD17714JfDeH17714 c:\documents and settings\All Users\Application Data\nD17714JfDeH17714\nD17714JfDeH17714.exe c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.ico c:\documents and settings\Default User\WINDOWS c:\documents and settings\HP_Administrator\Application Data\.# c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548C.manifest c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548O.manifest c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548P.manifest c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548S.manifest c:\documents and settings\HP_Administrator\Application Data\conhost.exe c:\documents and settings\HP_Administrator\Application Data\Remote c:\documents and settings\HP_Administrator\Application Data\Remote\czn3_shrd c:\documents and settings\HP_Administrator\Application Data\Syag c:\documents and settings\HP_Administrator\Application Data\Syag\pyofl.tmp c:\documents and settings\HP_Administrator\Application Data\Syag\pyofl.yzg c:\documents and settings\HP_Administrator\Favorites\Games.url c:\documents and settings\HP_Administrator\WINDOWS c:\documents and settings\NetworkService\Application Data\Remote c:\documents and settings\NetworkService\Application Data\Remote\czn3.dll c:\documents and settings\NetworkService\Application Data\Remote\czn3_shrd c:\documents and settings\NetworkService\Application Data\Remote\mnj.dat c:\documents and settings\NetworkService\Application Data\Remote\nopp c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\nvvsvc.exe c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll c:\program files\Internet Explorer\lvvm.exe c:\windows\$NtUninstallKB43151$\4155285724\@ c:\windows\$NtUninstallKB43151$\4155285724\bckfg.tmp c:\windows\$NtUninstallKB43151$\4155285724\cfg.ini c:\windows\$NtUninstallKB43151$\4155285724\Desktop.ini c:\windows\$NtUninstallKB43151$\4155285724\keywords c:\windows\$NtUninstallKB43151$\4155285724\kwrd.dll c:\windows\$NtUninstallKB43151$\4155285724\L\aqaeidou c:\windows\$NtUninstallKB43151$\4155285724\lsflt7.ver c:\windows\$NtUninstallKB43151$\4155285724\U\00000001.@ c:\windows\$NtUninstallKB43151$\4155285724\U\00000002.@ c:\windows\$NtUninstallKB43151$\4155285724\U\80000000.@ c:\windows\$NtUninstallKB43151$\4155285724\U\80000032.@ c:\windows\$NtUninstallKB43151$\417697343 c:\windows\3701517559 c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\GnuHashes.ini c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe c:\windows\kb913800.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\d3d9caps.dat c:\windows\system32\GroupPolicy000.dat c:\windows\system32\info.txt c:\windows\system32\ps2.bat C:\xcrashdump.dat D:\Autorun.inf c:\windows\$NtUninstallKB43151$ . . . . Failed to delete . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_f7aca0dc . . ((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 ))))))))))))))))))))))))))))))) . . 2011-10-11 22:01 . 2011-10-11 22:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert 2011-10-11 21:39 . 2011-10-11 21:39 174592 ----a-w- c:\program files\Internet Explorer\52C0\695.exe 2011-10-11 21:35 . 2011-10-11 21:57 -------- d-----w- c:\program files\9EA86 2011-10-11 21:35 . 2011-10-11 21:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\03F9E 2011-10-10 03:37 . 2011-10-10 03:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-10-10 03:37 . 2011-10-10 03:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo! 2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-10-07 10:00 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-07 10:00 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-07 08:59 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll 2011-10-07 08:59 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll 2011-10-07 08:59 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll 2011-10-07 08:59 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll 2011-10-07 08:58 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-10-07 08:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-10-07 08:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-10-07 08:57 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-10-07 08:57 . 2011-10-07 09:09 -------- d-----w- c:\program files\Spyware Doctor2 2011-10-07 08:57 . 2011-10-07 09:00 -------- d-----w- c:\program files\Common Files\PC Tools 2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools 2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-10-07 04:17 . 2011-10-07 04:17 -------- d-----w- C:\!KillBox 2011-10-06 03:34 . 2011-10-06 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-06 02:57 . 2011-10-06 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-10-06 02:57 . 2011-10-06 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-10-06 02:45 . 2011-10-06 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft 2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-10-04 23:55 . 2011-10-04 23:55 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp 2011-10-04 20:05 . 2011-10-04 20:05 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-19 17:16 . 2011-09-19 17:16 -------- d-----w- c:\program files\iPod 2011-09-19 17:15 . 2011-09-19 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-09-19 17:02 . 2011-09-19 17:02 -------- d-----w- c:\program files\Bonjour . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-25 20:03 . 2011-08-03 05:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-02 22:28 . 2010-10-04 13:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-08-02 22:28 . 2010-10-04 13:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-07-15 13:29 . 2004-08-10 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2007-08-29 00:44 . 2007-08-29 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656] "695.exe"="c:\program files\Internet Explorer\52C0\695.exe" [2011-10-11 174592] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ apnae.exe [2011-10-9 204288] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] . [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Shell"="explorer.exe,c:\documents and settings\HP_Administrator\Application Data\03F9E\46752.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-07 05:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2011 3:57 AM 207280] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [8/2/2011 5:27 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [8/2/2011 5:27 PM 744568] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:52 PM 810616] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [8/2/2011 5:27 PM 136312] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor2\BDT\BDTUpdateService.exe [10/7/2011 3:59 AM 112592] S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [8/2/2011 5:27 PM 130008] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSXpx86.sys [7/1/2011 10:27 PM 355256] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor2\pctsAuxs.exe [10/7/2011 3:57 AM 358600] S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560] S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyServer = http=127.0.0.1:57273 IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: att.net Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com\clientapps Trusted Zone: trymedia.com TCP: DhcpNameServer = 192.168.1.254 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab . - - - - ORPHANS REMOVED - - - - . HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe HKLM_ActiveSetup-{4E40A127-E65C-49C4-BF2E-F061941A6AD3} - c:\documents and settings\NetworkService\Application Data\Remote\czn3.dll AddRemove-Hardwood Solitaire III Lite - c:\docume~1\HP_ADM~1\LOCALS~1\Temp\sce__0\ -Uninstall AddRemove-{8912A802-1DD4-41F3-8450-B3209081BDB9} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{8912A~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-11 18:19 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Maxtor_6L200M0 rev.BACE1G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully error: Read A device attached to the system is not functioning. kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x85AD031B user & kernel MBR OK . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(976) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(216) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG10\avgchsvx.exe c:\program files\AVG\AVG10\avgrsx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\netdde.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\ehome\mcrdsvc.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\program files\iPod\bin\iPodService.exe c:\program files\9EA86\lvvm.exe c:\hp\KBD\KBD.EXE . ************************************************************************** . Completion time: 2011-10-11 18:37:40 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-11 23:37 . Pre-Run: 113,184,559,104 bytes free Post-Run: 113,404,157,952 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 71C72905FBBCDDB57394092C51139AA7
  12. neicey145
    After I ran the combo fix and copied the log, my computer became unresponsive. Will I be able to retrieve the log again if I restart the computer?
  13. neicey145
    I would like to try to clean it please. Thank you for taking time out to help me.
  14. neicey145
    I have been trying to remove this virus for 3 days now. Any help would be appreciated. I can't end the 3701517559:139681571.exe in the task manager. I wasn't able to run Malwarebytes' Anti-Malware or GMER. I now get an error message when trying to run Malwarebytes' Anti-Malware, and nothing happens when I try to run GMER. Is there anyone able to help me remove this virus? . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 Run by HP_Administrator at 6:10:01 on 2011-10-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.636 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe svchost.exe C:\WINDOWS\3701517559:139681571.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.msn.com uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Page_URL = hxxp://www.msn.com uWindow Title = Internet Explorer, optimized for Bing and MSN mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = 127.0.0.1;*.local mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor2\bdt\PCTBrowserDefender.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor2\bdt\PCTBrowserDefender.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [iSUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe" mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [DMAScheduler] "c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe" mRun: [bJCFD] "c:\program files\broadjump\client foundation\CFD.exe" mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [CLCKR] "c:\documents and settings\networkservice\local settings\application data\microsoft\nvvsvc.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Search - ?p=ZJxdm128LCUS IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: mswsock.dll Trusted Zone: att.net Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com\clientapps Trusted Zone: trymedia.com DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{400D5EEB-F2D4-4AED-AFF0-A1807BD5FB0C} : DhcpNameServer = 68.113.206.10 66.169.221.10 TCP: Interfaces\{6E345638-24B7-40D4-8C15-A9C742ADF41C} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 TCP: Interfaces\{93B47AC3-6CC7-4D87-925F-DCEA4F33E764} : DhcpNameServer = 68.113.206.10 66.169.221.10 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-8-2 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-8-2 744568] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-10-7 207280] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-8-2 136312] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560] S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor2\bdt\BDTUpdateService.exe [2011-10-7 112592] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-8-2 130008] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110701.051\IDSXpx86.sys [2011-7-1 355256] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110702.002\NAVENG.SYS [2011-7-2 86008] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110702.002\NAVEX15.SYS [2011-7-2 1542392] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor2\pctsAuxs.exe [2011-10-7 358600] S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor2\pctsSvc.exe [2011-10-7 1141200] . =============== Created Last 30 ================ . 2011-10-07 10:00:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-07 10:00:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-07 10:00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2011-10-07 08:59:55 767952 ----a-w- c:\windows\BDTSupport.dll 2011-10-07 08:59:54 165840 ----a-w- c:\windows\PCTBDRes.dll 2011-10-07 08:59:54 1636304 ----a-w- c:\windows\PCTBDCore.dll 2011-10-07 08:59:54 149456 ----a-w- c:\windows\SGDetectionTool.dll 2011-10-07 08:58:00 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-10-07 08:57:55 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-10-07 08:57:55 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-10-07 08:57:51 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-10-07 08:57:44 -------- d-----w- c:\program files\Spyware Doctor2 2011-10-07 08:57:44 -------- d-----w- c:\program files\common files\PC Tools 2011-10-07 08:57:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\PC Tools 2011-10-07 08:57:44 -------- d-----w- c:\documents and settings\all users\application data\PC Tools 2011-10-07 08:49:54 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes 2011-10-07 08:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-10-07 08:49:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2011-10-07 04:17:07 -------- d-----w- C:\!KillBox 2011-10-06 03:34:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-06 02:57:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-10-06 02:57:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-10-06 02:45:21 -------- d-----w- c:\documents and settings\hp_administrator\application data\Sammsoft 2011-10-04 20:05:40 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-10-04 20:05:40 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-19 17:16:06 -------- d-----w- c:\program files\iPod 2011-09-19 17:15:38 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-09-19 17:02:06 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2011-08-25 20:03:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-02 22:28:54 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-08-02 22:28:54 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2007-08-29 00:44:06 774144 ----a-w- c:\program files\RngInterstitial.dll . ============= FINISH: 6:10:24.68 =============== dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.