
Would gladly purchase Malwarebytes, but have a feeling it wouldn't be wise while infected.

XP SP3 with all current updates

Malwarebytes Free with all current definitions.

Norton Internet Security with all current definitions

Apparently picked up the Mevio malware yesterday. Ran Malwarebytes free, and no longer have the problem of IE constantly spawning, but still get re-directs to STOPzilla when Googling for Mevio removal topics.

First run of Malwarebytes Quarantine shows it removed Trojan.SHarpro.PGen and Trojan.BHO yesterday. Are these associated with the re-direct? Ran a couple more times with reboots, and MB said no problems. If, however, I ran Firefox and Googled Mevio Malware, the redirect would re-appear.

Can Malwarebytes completely remove this?

Is it currently safe to enter userid / passwords?

What do I need to do to be certain the box is entirely clean?

thanks, david

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by HP_Owner at 17:39:32 on 2011-12-17

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ISS\Proventia Desktop\blackd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files\ISS\Proventia Desktop\RapApp.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\ISS\Proventia Desktop\vpatch.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\AGRSMMSG.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\HP_Owner\Desktop\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uWindow Title = Road Runner High Speed Online

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H

uRunOnce: [<NO NAME>] c:\program files\mozilla firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000015.00000022&b=00000082.00000049.000000b9&c=00000082.00000096.000001da

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [hpqSRMon]

mRun: [bCWipeTM Startup] "c:\program files\jetico\bcwipe\BCWipeTM.exe" startup

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128288075375

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{2D7C9587-95BB-466F-8D5E-D6F47CEB9B04} : DhcpNameServer = 208.67.222.222 208.67.220.220

Notify: PCANotify - PCANotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: NG-ATTDIALER - c:\windows\inf\NG-ATTDL.exe /S

mASetup: NG-DomesticDial - c:\windows\inf\NG-DDial.exe /S

Hosts: 68.126.51.217 cpssa_net

Hosts: 159.201.112.11 sds2

Hosts: 159.201.112.111 air2000-1 #coc1

Hosts: 159.201.112.112 air2000-2 #coc2

Hosts: 159.201.112.113 air2000-3 #saboc1

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\9vssxe7w.default\

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm111YYUS&ptb=Qp6g.iBOv19qy0yFy7ryWw&psa=&ind=2010101718&ptnrS=ZLxdm111YYUS&si=2496&st=kwd&n=77cfb7d6&searchfor=

FF - prefs.js: network.proxy.ftp - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - centralproxy.northgrum.com

FF - prefs.js: network.proxy.http - westproxy.northgrum.com

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ssl - westproxy.northgrum.com

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn_2011_7_3_6\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\octoshape streaming services\hp_owner\octoprogram-l03-nms0805299_sua_000\npoctoshape.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {1525527c-7e9c-44ab-93a0-4def202179c9} - %profile%\extensions\{1525527c-7e9c-44ab-93a0-4def202179c9}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn_2011_7_3_6

.

============= SERVICES / DRIVERS ===============

.

R? awhost32;pcAnywhere Host Service

R? BCSWAP;BCSWAP

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? MBAMSwissArmy;MBAMSwissArmy

R? Secunia Update Agent;Secunia Update Agent

R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)

R? ssadmdfl;SAMSUNG Android USB Modem (Filter)

R? ssadmdm;SAMSUNG Android USB Modem Drivers

R? Symantec Core LC;Symantec Core LC

R? vsdatant;vsdatant

S? AW_HOST;AW_HOST

S? awlegacy;awlegacy

S? BHDrvx86;BHDrvx86

S? black;black

S? BlackICE;BlackICE

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? IDSxpx86;IDSxpx86

S? MakoNT;MakoNT

S? NAVENG;NAVENG

S? NAVEX15;NAVEX15

S? NIS;Norton Internet Security

S? PSI;PSI

S? rap;rap

S? Secunia PSI Agent;Secunia PSI Agent

S? SymDS;Symantec Data Store

S? SymEFA;Symantec Extended File Attributes

S? SymIRON;Symantec Iron Driver

S? VPatch;ISS Buffer Overflow Exploit Prevention

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 01:57:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 17:40:53.57 ===============

attach.zip
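The Firefox section of the DDS report above is where the useful indicators sit: keyword.URL pointing at search.mywebsearch.com, an extension called "XUL Cache" living in the profile directory, stale corporate proxy hosts, several non-loopback Hosts entries and orphaned toolbar GUIDs. As an added example that is not part of the original post, here is a small Python triage pass over lines in the DDS format; the excerpt is constructed from the report above, and the "Google is the only expected keyword-search host" rule is an assumption made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt in the DDS "Pseudo HJT Report" / FIREFOX line format
# (lines copied from the report above; DDS defangs URLs as hxxp://).
DDS_EXCERPT = r"""
uStart Page = hxxp://www.google.com/
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm111YYUS&ptb=Qp6g.iBOv19qy0yFy7ryWw&psa=&ind=2010101718&ptnrS=ZLxdm111YYUS&si=2496&st=kwd&n=77cfb7d6&searchfor=
FF - prefs.js: network.proxy.http - westproxy.northgrum.com
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - westproxy.northgrum.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: XUL Cache: {1525527c-7e9c-44ab-93a0-4def202179c9} - %profile%\extensions\{1525527c-7e9c-44ab-93a0-4def202179c9}
Hosts: 68.126.51.217 cpssa_net
Hosts: 159.201.112.11 sds2
"""

# Assumption for this example: address-bar (keyword.URL) searches should go to
# Google; any other host is reported as a search hijack.
DEFAULT_SEARCH_HOSTS = {"www.google.com", "google.com"}
LOOPBACK = {"127.0.0.1", "::1"}

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FF_EXT = re.compile(r"^FF - Ext: (.*?): (\S+) - (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)")
TB_NOFILE = re.compile(r"^TB: .* - No File$")


def host_of(value):
    """Hostname of a (defanged) URL, or the bare value up to the first slash."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.split("/", 1)[0].lower()


def triage_dds(report):
    """Return (severity, reason, source_line) findings from a DDS report excerpt."""
    findings = []
    proxy_hosts = set()
    proxy_type = None
    for line in report.splitlines():
        m = FF_PREF.match(line)
        if m:
            name, value = m.groups()
            if name == "keyword.URL" and host_of(value) not in DEFAULT_SEARCH_HOSTS:
                findings.append(("high", f"address-bar search sent to {host_of(value)}", line))
            elif name == "browser.search.selectedEngine":
                findings.append(("review", f"Firefox search engine is '{value}'", line))
            elif name == "network.proxy.type":
                proxy_type = int(value)
            elif name.startswith("network.proxy.") and not name.endswith("_port"):
                proxy_hosts.add(value)
            continue
        m = FF_EXT.match(line)
        if m and "%profile%" in m.group(3):
            # Extensions under the profile were installed per-user, not by a product installer.
            findings.append(("review", f"profile-installed extension '{m.group(1)}'", line))
            continue
        m = HOSTS.match(line)
        if m and m.group(1) not in LOOPBACK:
            findings.append(("review", f"hosts override {m.group(2)} -> {m.group(1)}", line))
            continue
        if TB_NOFILE.match(line):
            findings.append(("low", "orphaned toolbar entry (No File)", line))
    if proxy_hosts:
        hosts = ", ".join(sorted(proxy_hosts))
        # network.proxy.type 0 means "no proxy": leftover proxy hosts are inert, not a redirect path.
        if proxy_type == 0:
            findings.append(("review", f"proxy hosts present but network.proxy.type is 0 (no proxy): {hosts}", "network.proxy.*"))
        else:
            findings.append(("high", f"proxy in use (network.proxy.type {proxy_type}): {hosts}", "network.proxy.*"))
    return findings


def by_severity(findings, level):
    """Filter findings to one severity label."""
    return [f for f in findings if f[0] == level]


if __name__ == "__main__":
    for sev, why, src in triage_dds(DDS_EXCERPT):
        print(f"[{sev:6}] {why}\n         {src}")
```

Run against the excerpt, the only "high" finding is keyword.URL, which is exactly the setting Firefox consults when something typed in the address bar is not a URL; the northgrum.com proxies stay at "review" because network.proxy.type is 0, so Firefox is not using them.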


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Updated MBAM and reran. Logs show no problems. However, when I open Firefox and Google, bad things still happen. The Google results look good. Hovering the mouse over them appears to show they are OK (the link shown in the status bar at the bottom of the browser matches that shown in the results). But if one does a right-click and Copy Link, then pastes to a text file, a different story emerges. The expected link has now morphed into a misdirect. See samples below, created by Copy Link 3 separate times on the same purported link to the Malwarebytes forums.

http://onemoretime.me/?id=oRcC4vsEok0t3C-xYZSCGYHmQNSfE0LwlHu_nL-Zh_6zELgFEt3d18gRz1OMkjsSNH62vmyDCqfE&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware

http://near-stage.com/c.php?s=eNodkNtu4jAYhB8IibV_O7F90YsUGmghoeUUyM3K5xIODWeC_PCbrkaakT6N5mKqgDlENFAUk5BVySN_rpuAuggw_w0KARDGGH4dMYSDKpYgC-5VkZ4NpE359fISsNEGYRZLxZ0UCkeaA5WRsDqOiIvlXyeIFYJRhBBoKcGBxQwsZxETLjI2sICDzX_yRr-NfJMkSd67Ncvrrrwmg8yraTxKvti4f4nOp1HzujzOVkT4g2H-jxvnC9zvZbt-x1UdjdIyjdysI2flfH68ltthPV9JczjN0WZ_cCLrXVYCNdNhOvGpKyYDtaiv-v2rmRzeR6jHbvfP-9TP_Gaf9_rP5W1wHm8VGlfHU7UztoLBtv7enutsd2pu8_rt6a8P3ujhdk8E_Rk8-slQZZ9-uKk5LHx7jeBdTEUXI9EFykMATLqY0RbiFgbUkiCLaK8Af2vwV0U-DmPIz7LIT_reDqD_CiSsVx-V3i-fZZE267a5BnEJDJTUhFJtlNaMOQbCMk3BEKesMzg4ximPpXOGMkuMhfZ7JyIMVklOgP4DTP6ifA&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware

http://nodelinks.eu/?id=psalb4rHM5f9JPYp23AGkKcU2rDMRP56tbVbyQealr-4gNmt_BUS0U6hSSoIbP0A0hBbjL2G99-V&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware

A key concern, of course, is this now a redirect issue only, or should I continue to refrain from entering any personal data on the box?

thanks,

david

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8403

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/20/2011 7:54:30 AM

mbam-log-2011-12-20 (07-54-30).txt

Scan type: Quick scan

Objects scanned: 195584

Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

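The three copied links above all share one shape: a different redirector host each time, an opaque id= or s= token, and an rf= parameter that, once percent-decoded, is a search URL on arcresearch.com carrying the words the poster actually searched for. As an added example that is not part of the original post, here is a Python decoder for that pattern and a check of clipboard link against status-bar host; the first and third links are taken from the post, the second's opaque token is shortened, and the forums.malwarebytes.org host is an assumption about what the status bar showed.

```python
from urllib.parse import urlsplit, parse_qs

# What "Copy Link" put on the clipboard for one Google result (first and third taken
# verbatim from the post above; the second's opaque s= token is shortened here).
COPIED_LINKS = [
    "http://onemoretime.me/?id=oRcC4vsEok0t3C-xYZSCGYHmQNSfE0LwlHu_nL-Zh_6zELgFEt3d18gRz1OMkjsSNH62vmyDCqfE"
    "&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware",
    "http://near-stage.com/c.php?s=eNodkNtu4jAYhB8IibV_O7F90YsUGmghoeUUyM3K5xIODWeC_PCbrkaakT6N5mKqgDlENFAUk5BVySN"
    "&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware",
    "http://nodelinks.eu/?id=psalb4rHM5f9JPYp23AGkKcU2rDMRP56tbVbyQealr-4gNmt_BUS0U6hSSoIbP0A0hBbjL2G99-V"
    "&rf=http%3A%2F%2Farcresearch.com%2Fsearch%3Fq%3Dmevio%2Bmalware",
]

# Assumption: the status bar showed a link into the Malwarebytes forums.
VISIBLE_HOST = "forums.malwarebytes.org"


def decode_redirect(url):
    """Split a copied link into redirector host, tracking token and the decoded rf= referrer."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    token = (qs.get("id") or qs.get("s") or [""])[0]
    rf = qs.get("rf", [""])[0]          # parse_qs has already percent-decoded this value
    rf_parts = urlsplit(rf)
    rf_query = parse_qs(rf_parts.query).get("q", [""])[0]
    return {
        "redirector": parts.hostname,
        "token": token,
        "rf_host": rf_parts.hostname,   # the site the redirector is told sent the visitor
        "rf_query": rf_query,           # the search terms, recovered from the rf= value
    }


def link_mismatch(visible_host, copied_url):
    """True when the clipboard link does not go where the status bar said it would."""
    return (urlsplit(copied_url).hostname or "") != visible_host


def triage(visible_host, copied_urls):
    """Summarise a batch of copied links: how many were swapped, via which hosts, for which query."""
    decoded = [decode_redirect(u) for u in copied_urls]
    return {
        "hijacked": sum(link_mismatch(visible_host, u) for u in copied_urls),
        "redirectors": sorted({d["redirector"] for d in decoded}),
        "rf_hosts": sorted({d["rf_host"] for d in decoded}),
        "queries": sorted({d["rf_query"] for d in decoded}),
    }


if __name__ == "__main__":
    for url in COPIED_LINKS:
        print(decode_redirect(url))
    print(triage(VISIBLE_HOST, COPIED_LINKS))
```

The hover-versus-copy discrepancy is the important observation: the page the server sent and the status bar agree, so the href is being rewritten inside the browser at click time (an extension or BHO), not by DNS or the search engine. The rotating redirector hosts with a constant rf= referrer and the user's own query string are what make every copied link from one result look different while all lead the same way.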

Nothing is asking me to enter personal data. But out of an abundance of caution I'm not currently doing any home banking etc. Mbam hasn't found anything, but I'm still getting redirects, so I'm unsure of the true state of the box. I'm hoping you can help solve this and give me a clean bill of health.

BTW, is it possible to purchase Mbam from a different machine and then copy it over? I obviously don't want to enter a credit card number as things currently stand.


Let's try to clean this one first.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
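The log TDSSKiller writes lists every service and driver it checked, one "name (md5) path" line followed by a verdict line, so the part worth reading is buried in hundreds of "- ok" lines. As an added example that is not part of the original post, here is a Python parser for that line format that pairs each driver with its verdict and separates UnsignedFile.Multi.Generic signature warnings from any other detection; the sample lines are constructed in the format of the report posted later in this thread.

```python
import re

# Constructed excerpt in the TDSSKiller log line format (lines modelled on the
# report posted later in this thread).
TDSS_LOG = r"""
09:45:52.0812 3840 Mode: Manual; SigCheck; TDLFS;
09:45:53.0312 3840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:45:55.0343 3840 ACPI - ok
09:45:56.0109 3840 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys
09:45:56.0125 3840 agnwifi ( UnsignedFile.Multi.Generic ) - warning
09:45:56.0125 3840 agnwifi - detected UnsignedFile.Multi.Generic (1)
09:45:56.0125 3840 Aha154x - ok
09:45:57.0765 3840 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
09:45:57.0781 3840 AW_HOST ( UnsignedFile.Multi.Generic ) - warning
09:45:57.0781 3840 AW_HOST - detected UnsignedFile.Multi.Generic (1)
"""

# "<time> <pid> <service> (<md5>) <path>": the file TDSSKiller resolved for the service.
ENTRY = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<time> <pid> <service> - ok" or "<service> - detected <Verdict> (<n>)": the final verdict.
VERDICT = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>\S+) - (?:(?P<ok>ok)|detected (?P<verdict>\S+) \((?P<n>\d+)\))$")

SIGNATURE_ONLY = "UnsignedFile.Multi.Generic"   # "no digital signature", not a malware verdict


def parse_tdsskiller(text):
    """Map service name -> {md5, path, status, verdict} from TDSSKiller log text."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": None, "verdict": None}
            continue
        m = VERDICT.match(line)
        if m:
            # Services with no backing file (e.g. "Aha154x - ok") have a verdict but no ENTRY line.
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None, "verdict": None})
            e["status"] = "ok" if m["ok"] else "detected"
            e["verdict"] = m["verdict"]
    return entries


def summarize(entries):
    """Counts plus the two lists a reviewer wants: unsigned drivers and everything else detected."""
    detected = {n: e for n, e in entries.items() if e["status"] == "detected"}
    return {
        "scanned": len(entries),
        "ok": sum(1 for e in entries.values() if e["status"] == "ok"),
        "unsigned": sorted(n for n, e in detected.items() if e["verdict"] == SIGNATURE_ONLY),
        "other": sorted(n for n, e in detected.items() if e["verdict"] != SIGNATURE_ONLY),
    }


if __name__ == "__main__":
    parsed = parse_tdsskiller(TDSS_LOG)
    for name in summarize(parsed)["unsigned"]:
        print(f"unsigned: {name:10} {parsed[name]['path']}")
    print(summarize(parsed))
```

UnsignedFile.Multi.Generic only says the driver file carries no Authenticode signature. On XP that is normal for many third-party drivers (the posted log flags the pcAnywhere and Cisco VPN drivers this way, among others), so those entries belong in the "review the path and vendor" pile, which is why the steps above leave them on Skip; anything that lands in the "other" list is what actually needs the Cure option.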


GooredFix by jpshortstuff (03.07.10.1)

Log created at 09:44 on 20/12/2011 (HP_Owner)

Firefox version 3.6.24 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9vssxe7w.default\extensions\{1525527c-7e9c-44ab-93a0-4def202179c9}" -> Success!

Removing Orphan:

"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:37 20/03/2009]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:52 23/12/2010]

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9vssxe7w.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [04:14 10/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [04:42 26/09/2008]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:46 08/08/2009]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\" [13:17 04/11/2010]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3" [17:41 20/12/2011]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:51 23/12/2010]

-=E.O.F=-

09:45:10.0421 1608 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

09:45:10.0515 1608 ============================================================

09:45:10.0515 1608 Current date / time: 2011/12/20 09:45:10.0515

09:45:10.0515 1608 SystemInfo:

09:45:10.0515 1608

09:45:10.0515 1608 OS Version: 5.1.2600 ServicePack: 3.0

09:45:10.0515 1608 Product type: Workstation

09:45:10.0515 1608 ComputerName: DAVID

09:45:10.0515 1608 UserName: HP_Owner

09:45:10.0515 1608 Windows directory: C:\WINDOWS

09:45:10.0515 1608 System windows directory: C:\WINDOWS

09:45:10.0515 1608 Processor architecture: Intel x86

09:45:10.0515 1608 Number of processors: 2

09:45:10.0515 1608 Page size: 0x1000

09:45:10.0515 1608 Boot type: Normal boot

09:45:10.0515 1608 ============================================================

09:45:13.0578 1608 Initialize success

09:45:52.0812 3840 ============================================================

09:45:52.0812 3840 Scan started

09:45:52.0812 3840 Mode: Manual; SigCheck; TDLFS;

09:45:52.0812 3840 ============================================================

09:45:53.0234 3840 Abiosdsk - ok

09:45:53.0250 3840 abp480n5 - ok

09:45:53.0312 3840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:45:55.0343 3840 ACPI - ok

09:45:55.0500 3840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:45:55.0640 3840 ACPIEC - ok

09:45:55.0656 3840 adpu160m - ok

09:45:55.0687 3840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:45:55.0796 3840 aec - ok

09:45:55.0828 3840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:45:55.0890 3840 AFD - ok

09:45:55.0953 3840 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

09:45:56.0078 3840 AgereSoftModem - ok

09:45:56.0109 3840 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys

09:45:56.0125 3840 agnwifi ( UnsignedFile.Multi.Generic ) - warning

09:45:56.0125 3840 agnwifi - detected UnsignedFile.Multi.Generic (1)

09:45:56.0125 3840 Aha154x - ok

09:45:56.0140 3840 aic78u2 - ok

09:45:56.0171 3840 aic78xx - ok

09:45:56.0250 3840 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

09:45:56.0421 3840 ALCXWDM - ok

09:45:56.0453 3840 AliIde - ok

09:45:56.0484 3840 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

09:45:56.0515 3840 AmdK8 - ok

09:45:56.0531 3840 amsint - ok

09:45:56.0578 3840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:45:56.0671 3840 Arp1394 - ok

09:45:56.0687 3840 asc - ok

09:45:56.0703 3840 asc3350p - ok

09:45:56.0703 3840 asc3550 - ok

09:45:56.0750 3840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:45:56.0843 3840 AsyncMac - ok

09:45:56.0921 3840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:45:57.0046 3840 atapi - ok

09:45:57.0218 3840 Atdisk - ok

09:45:57.0296 3840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:45:57.0406 3840 Atmarpc - ok

09:45:57.0546 3840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:45:57.0640 3840 audstub - ok

09:45:57.0671 3840 awecho (7305e36433ae7ce4a878ccc900bcf2a8) C:\WINDOWS\system32\drivers\awechomd.sys

09:45:57.0703 3840 awecho ( UnsignedFile.Multi.Generic ) - warning

09:45:57.0703 3840 awecho - detected UnsignedFile.Multi.Generic (1)

09:45:57.0718 3840 awlegacy (1464f3daf223e7a204baf1b556ee7769) C:\WINDOWS\System32\Drivers\awlegacy.sys

09:45:57.0734 3840 awlegacy ( UnsignedFile.Multi.Generic ) - warning

09:45:57.0734 3840 awlegacy - detected UnsignedFile.Multi.Generic (1)

09:45:57.0765 3840 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys

09:45:57.0781 3840 AW_HOST ( UnsignedFile.Multi.Generic ) - warning

09:45:57.0781 3840 AW_HOST - detected UnsignedFile.Multi.Generic (1)

09:45:57.0812 3840 BCSWAP (8acd4a0e6ce972882ee6db31c83cad4c) C:\WINDOWS\system32\drivers\BCSWAP.sys

09:45:57.0843 3840 BCSWAP - ok

09:45:57.0875 3840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:45:57.0984 3840 Beep - ok

09:45:58.0171 3840 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys

09:45:58.0203 3840 BHDrvx86 - ok

09:45:58.0343 3840 black (f0582c9b498d94427b64526a6d44a9c8) C:\WINDOWS\system32\drivers\BlackCat.sys

09:45:58.0359 3840 black ( UnsignedFile.Multi.Generic ) - warning

09:45:58.0359 3840 black - detected UnsignedFile.Multi.Generic (1)

09:45:58.0453 3840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:45:58.0546 3840 cbidf2k - ok

09:45:58.0562 3840 cd20xrnt - ok

09:45:58.0593 3840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:45:58.0687 3840 Cdaudio - ok

09:45:58.0734 3840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:45:58.0812 3840 Cdfs - ok

09:45:58.0859 3840 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:45:58.0906 3840 Cdrom - ok

09:45:58.0921 3840 Changer - ok

09:45:58.0937 3840 CmdIde - ok

09:45:58.0968 3840 Cpqarray - ok

09:45:59.0000 3840 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

09:45:59.0046 3840 CVirtA - ok

09:45:59.0093 3840 CVPNDRVA (aeaccdec355b5e7611120c6c10b51f82) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

09:45:59.0109 3840 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

09:45:59.0109 3840 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

09:45:59.0125 3840 dac2w2k - ok

09:45:59.0140 3840 dac960nt - ok

09:45:59.0187 3840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:45:59.0296 3840 Disk - ok

09:45:59.0343 3840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:45:59.0468 3840 dmboot - ok

09:45:59.0500 3840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:45:59.0593 3840 dmio - ok

09:45:59.0625 3840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:45:59.0718 3840 dmload - ok

09:45:59.0750 3840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:45:59.0843 3840 DMusic - ok

09:45:59.0875 3840 DNE (e471c1722f3a9e86d691a3e738318b6b) C:\WINDOWS\system32\DRIVERS\dne2000.sys

09:45:59.0921 3840 DNE - ok

09:45:59.0937 3840 dpti2o - ok

09:45:59.0984 3840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:46:00.0062 3840 drmkaud - ok

09:46:00.0171 3840 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:46:00.0203 3840 eeCtrl - ok

09:46:00.0250 3840 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:46:00.0250 3840 EraserUtilRebootDrv - ok

09:46:00.0375 3840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:46:00.0484 3840 Fastfat - ok

09:46:00.0531 3840 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

09:46:00.0578 3840 fasttx2k - ok

09:46:00.0609 3840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:46:00.0703 3840 Fdc - ok

09:46:00.0734 3840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:46:00.0859 3840 Fips - ok

09:46:00.0890 3840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:46:00.0984 3840 Flpydisk - ok

09:46:01.0015 3840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:46:01.0125 3840 FltMgr - ok

09:46:01.0156 3840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:46:01.0250 3840 Fs_Rec - ok

09:46:01.0281 3840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:46:01.0375 3840 Ftdisk - ok

09:46:01.0406 3840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:46:01.0421 3840 GEARAspiWDM - ok

09:46:01.0453 3840 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys

09:46:01.0468 3840 Gernuwa ( UnsignedFile.Multi.Generic ) - warning

09:46:01.0468 3840 Gernuwa - detected UnsignedFile.Multi.Generic (1)

09:46:01.0500 3840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:46:01.0593 3840 Gpc - ok

09:46:01.0640 3840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:46:01.0734 3840 HDAudBus - ok

09:46:01.0765 3840 hpn - ok

09:46:01.0828 3840 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

09:46:02.0000 3840 HPZid412 - ok

09:46:02.0093 3840 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

09:46:02.0125 3840 HPZipr12 - ok

09:46:02.0156 3840 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

09:46:02.0187 3840 HPZius12 - ok

09:46:02.0234 3840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:46:02.0265 3840 HTTP - ok

09:46:02.0281 3840 i2omgmt - ok

09:46:02.0296 3840 i2omp - ok

09:46:02.0328 3840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:46:02.0421 3840 i8042prt - ok

09:46:02.0671 3840 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111219.001\IDSxpx86.sys

09:46:02.0687 3840 IDSxpx86 - ok

09:46:02.0812 3840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:46:02.0906 3840 Imapi - ok

09:46:02.0937 3840 ini910u - ok

09:46:03.0078 3840 IntcAzAudAddService (b76d32231f56bb3df236bf25f49106ae) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:46:03.0296 3840 IntcAzAudAddService - ok

09:46:03.0328 3840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:46:03.0421 3840 IntelIde - ok

09:46:03.0468 3840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:46:03.0546 3840 intelppm - ok

09:46:03.0593 3840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:46:03.0687 3840 Ip6Fw - ok

09:46:03.0718 3840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:46:03.0828 3840 IpFilterDriver - ok

09:46:03.0890 3840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:46:03.0984 3840 IpInIp - ok

09:46:04.0031 3840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:46:04.0125 3840 IpNat - ok

09:46:04.0156 3840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:46:04.0250 3840 IPSec - ok

09:46:04.0312 3840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:46:04.0390 3840 IRENUM - ok

09:46:04.0453 3840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:46:04.0546 3840 isapnp - ok

09:46:04.0609 3840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:46:04.0703 3840 Kbdclass - ok

09:46:04.0765 3840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:46:04.0875 3840 kmixer - ok

09:46:04.0906 3840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:46:04.0953 3840 KSecDD - ok

09:46:04.0984 3840 lbrtfdc - ok

09:46:05.0031 3840 MakoNT (b9697bd2a14efa580263543e3fddff53) C:\WINDOWS\system32\drivers\MakoNT.sys

09:46:05.0046 3840 MakoNT ( UnsignedFile.Multi.Generic ) - warning

09:46:05.0046 3840 MakoNT - detected UnsignedFile.Multi.Generic (1)

09:46:05.0093 3840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:46:05.0203 3840 mnmdd - ok

09:46:05.0234 3840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:46:05.0328 3840 Modem - ok

09:46:05.0359 3840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:46:05.0453 3840 Mouclass - ok

09:46:05.0531 3840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:46:05.0625 3840 MountMgr - ok

09:46:05.0640 3840 mraid35x - ok

09:46:05.0656 3840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:46:05.0750 3840 MRxDAV - ok

09:46:05.0796 3840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:46:05.0890 3840 MRxSmb - ok

09:46:06.0046 3840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:46:06.0140 3840 Msfs - ok

09:46:06.0156 3840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:46:06.0234 3840 MSKSSRV - ok

09:46:06.0265 3840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:46:06.0343 3840 MSPCLOCK - ok

09:46:06.0359 3840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:46:06.0453 3840 MSPQM - ok

09:46:06.0500 3840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:46:06.0578 3840 mssmbios - ok

09:46:06.0625 3840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:46:06.0656 3840 Mup - ok

09:46:06.0812 3840 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.035\NAVENG.SYS

09:46:06.0812 3840 NAVENG - ok

09:46:06.0906 3840 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.035\NAVEX15.SYS

09:46:06.0953 3840 NAVEX15 - ok

09:46:07.0093 3840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:46:07.0187 3840 NDIS - ok

09:46:07.0328 3840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:46:07.0828 3840 NdisTapi - ok

09:46:07.0843 3840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:46:07.0937 3840 Ndisuio - ok

09:46:07.0968 3840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:46:08.0046 3840 NdisWan - ok

09:46:08.0109 3840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:46:08.0156 3840 NDProxy - ok

09:46:08.0203 3840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:46:08.0296 3840 NetBIOS - ok

09:46:08.0328 3840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:46:08.0421 3840 NetBT - ok

09:46:08.0468 3840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:46:08.0562 3840 NIC1394 - ok

09:46:08.0609 3840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:46:08.0703 3840 Npfs - ok

09:46:08.0765 3840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:46:08.0875 3840 Ntfs - ok

09:46:08.0921 3840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:46:09.0015 3840 Null - ok

09:46:09.0218 3840 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:46:09.0593 3840 nv - ok

09:46:09.0640 3840 NVENETFD (0258d664f93b4b01ddd621b8c084f322) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

09:46:09.0671 3840 NVENETFD - ok

09:46:09.0734 3840 nvnetbus (56ec9207906435ef1bf02f5c68e3ffec) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

09:46:09.0781 3840 nvnetbus - ok

09:46:09.0828 3840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:46:09.0937 3840 NwlnkFlt - ok

09:46:09.0984 3840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:46:10.0078 3840 NwlnkFwd - ok

09:46:10.0140 3840 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:46:10.0234 3840 ohci1394 - ok

09:46:10.0281 3840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:46:10.0375 3840 Parport - ok

09:46:10.0406 3840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:46:10.0500 3840 PartMgr - ok

09:46:10.0531 3840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:46:10.0625 3840 ParVdm - ok

09:46:10.0671 3840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:46:10.0765 3840 PCI - ok

09:46:10.0765 3840 PCIDump - ok

09:46:10.0812 3840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:46:10.0906 3840 PCIIde - ok

09:46:10.0937 3840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:46:11.0031 3840 Pcmcia - ok

09:46:11.0046 3840 PDCOMP - ok

09:46:11.0062 3840 PDFRAME - ok

09:46:11.0078 3840 PDRELI - ok

09:46:11.0093 3840 PDRFRAME - ok

09:46:11.0109 3840 perc2 - ok

09:46:11.0125 3840 perc2hib - ok

09:46:11.0187 3840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:46:11.0281 3840 PptpMiniport - ok

09:46:11.0328 3840 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:46:11.0421 3840 Processor - ok

09:46:11.0468 3840 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

09:46:11.0484 3840 Ps2 - ok

09:46:11.0515 3840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:46:11.0625 3840 PSched - ok

09:46:11.0656 3840 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

09:46:11.0671 3840 PSI - ok

09:46:11.0703 3840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:46:11.0796 3840 Ptilink - ok

09:46:11.0828 3840 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:46:11.0843 3840 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

09:46:11.0843 3840 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

09:46:11.0859 3840 ql1080 - ok

09:46:11.0875 3840 Ql10wnt - ok

09:46:11.0890 3840 ql12160 - ok

09:46:11.0906 3840 ql1240 - ok

09:46:11.0921 3840 ql1280 - ok

09:46:11.0968 3840 rap (701aafe6a05ef90db2841e446941139c) C:\WINDOWS\system32\drivers\RapDrv.sys

09:46:11.0984 3840 rap ( UnsignedFile.Multi.Generic ) - warning

09:46:11.0984 3840 rap - detected UnsignedFile.Multi.Generic (1)

09:46:12.0015 3840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:46:12.0109 3840 RasAcd - ok

09:46:12.0140 3840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:46:12.0218 3840 Rasl2tp - ok

09:46:12.0250 3840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:46:12.0343 3840 RasPppoe - ok

09:46:12.0359 3840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:46:12.0453 3840 Raspti - ok

09:46:12.0484 3840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:46:12.0578 3840 Rdbss - ok

09:46:12.0609 3840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:46:12.0703 3840 RDPCDD - ok

09:46:12.0750 3840 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:46:12.0796 3840 RDPWD - ok

09:46:12.0859 3840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:46:12.0937 3840 redbook - ok

09:46:13.0000 3840 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

09:46:13.0062 3840 RTL8023xp - ok

09:46:13.0078 3840 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:46:13.0171 3840 rtl8139 - ok

09:46:13.0218 3840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:46:13.0296 3840 Secdrv - ok

09:46:13.0359 3840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:46:13.0453 3840 Serial - ok

09:46:13.0562 3840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:46:13.0656 3840 Sfloppy - ok

09:46:13.0687 3840 Simbad - ok

09:46:13.0703 3840 Sparrow - ok

09:46:13.0734 3840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:46:13.0828 3840 splitter - ok

09:46:13.0875 3840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:46:13.0968 3840 sr - ok

09:46:14.0046 3840 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS

09:46:14.0062 3840 SRTSP - ok

09:46:14.0093 3840 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS

09:46:14.0109 3840 SRTSPX - ok

09:46:14.0156 3840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:46:14.0203 3840 Srv - ok

09:46:14.0234 3840 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

09:46:14.0250 3840 ssadbus - ok

09:46:14.0281 3840 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

09:46:14.0296 3840 ssadmdfl - ok

09:46:14.0328 3840 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

09:46:14.0328 3840 ssadmdm - ok

09:46:14.0375 3840 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:46:14.0390 3840 sscdbus - ok

09:46:14.0468 3840 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:46:14.0500 3840 sscdmdfl - ok

09:46:14.0531 3840 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:46:14.0546 3840 sscdmdm - ok

09:46:14.0593 3840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:46:14.0687 3840 swenum - ok

09:46:14.0718 3840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:46:14.0812 3840 swmidi - ok

09:46:14.0875 3840 symc810 - ok

09:46:14.0890 3840 symc8xx - ok

09:46:14.0906 3840 SYMDNS - ok

09:46:14.0984 3840 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS

09:46:15.0015 3840 SymDS - ok

09:46:15.0078 3840 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS

09:46:15.0156 3840 SymEFA - ok

09:46:15.0203 3840 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

09:46:15.0203 3840 SymEvent - ok

09:46:15.0218 3840 SYMFW - ok

09:46:15.0234 3840 SYMIDS - ok

09:46:15.0281 3840 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS

09:46:15.0296 3840 SymIRON - ok

09:46:15.0312 3840 SYMNDIS - ok

09:46:15.0312 3840 SYMREDRV - ok

09:46:15.0359 3840 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS

09:46:15.0375 3840 SYMTDI - ok

09:46:15.0390 3840 sym_hi - ok

09:46:15.0406 3840 sym_u3 - ok

09:46:15.0437 3840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:46:15.0531 3840 sysaudio - ok

09:46:15.0593 3840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:46:15.0671 3840 Tcpip - ok

09:46:15.0703 3840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:46:15.0796 3840 TDPIPE - ok

09:46:15.0843 3840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:46:15.0921 3840 TDTCP - ok

09:46:15.0953 3840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:46:16.0031 3840 TermDD - ok

09:46:16.0046 3840 TosIde - ok

09:46:16.0093 3840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:46:16.0187 3840 Udfs - ok

09:46:16.0203 3840 ultra - ok

09:46:16.0250 3840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:46:16.0359 3840 Update - ok

09:46:16.0406 3840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:46:16.0500 3840 usbccgp - ok

09:46:16.0515 3840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:46:16.0609 3840 usbehci - ok

09:46:16.0656 3840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:46:16.0734 3840 usbhub - ok

09:46:16.0796 3840 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:46:16.0890 3840 usbohci - ok

09:46:16.0921 3840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:46:17.0015 3840 usbprint - ok

09:46:17.0125 3840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:46:17.0218 3840 usbscan - ok

09:46:17.0281 3840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:46:17.0359 3840 USBSTOR - ok

09:46:17.0406 3840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:46:17.0500 3840 usbuhci - ok

09:46:17.0562 3840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:46:17.0640 3840 VgaSave - ok

09:46:17.0671 3840 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:46:17.0765 3840 ViaIde - ok

09:46:17.0812 3840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:46:17.0890 3840 VolSnap - ok

09:46:17.0937 3840 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

09:46:18.0062 3840 vsdatant - ok

09:46:18.0218 3840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:46:18.0312 3840 Wanarp - ok

09:46:18.0328 3840 WDICA - ok

09:46:18.0390 3840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:46:18.0468 3840 wdmaud - ok

09:46:18.0578 3840 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:46:18.0656 3840 WmiAcpi - ok

09:46:18.0703 3840 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:46:18.0781 3840 WpdUsb - ok

09:46:18.0812 3840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:46:18.0890 3840 WS2IFSL - ok

09:46:18.0937 3840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:46:18.0984 3840 WudfPf - ok

09:46:19.0015 3840 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

09:46:19.0046 3840 WUDFRd - ok

09:46:19.0093 3840 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0

09:46:19.0859 3840 \Device\Harddisk0\DR0 - ok

09:46:19.0890 3840 Boot (0x1200) (a5f31aa72a4263110fbc8c832f71f310) \Device\Harddisk0\DR0\Partition0

09:46:19.0890 3840 \Device\Harddisk0\DR0\Partition0 - ok

09:46:19.0906 3840 Boot (0x1200) (a8242512b851d9eaa5a5d1a2b56f3a0b) \Device\Harddisk0\DR0\Partition1

09:46:19.0906 3840 \Device\Harddisk0\DR0\Partition1 - ok

09:46:19.0906 3840 Boot (0x1200) (135ae33c9b131e70e335a4e85ef059bf) \Device\Harddisk0\DR0\Partition2

09:46:19.0906 3840 \Device\Harddisk0\DR0\Partition2 - ok

09:46:19.0906 3840 ============================================================

09:46:19.0906 3840 Scan finished

09:46:19.0906 3840 ============================================================

09:46:20.0015 3896 Detected object count: 10

09:46:20.0015 3896 Actual detected object count: 10

09:46:43.0593 3896 agnwifi ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 agnwifi ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 awecho ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 awecho ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 black ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 black ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0593 3896 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0593 3896 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0609 3896 MakoNT ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0609 3896 MakoNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0609 3896 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0609 3896 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:46:43.0609 3896 rap ( UnsignedFile.Multi.Generic ) - skipped by user

09:46:43.0609 3896 rap ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:57.0015 1236 ============================================================

09:47:57.0015 1236 Scan started

09:47:57.0015 1236 Mode: Manual; SigCheck; TDLFS;

09:47:57.0015 1236 ============================================================

09:47:57.0515 1236 Abiosdsk - ok

09:47:57.0531 1236 abp480n5 - ok

09:47:57.0578 1236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:47:57.0750 1236 ACPI - ok

09:47:57.0781 1236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:47:57.0875 1236 ACPIEC - ok

09:47:57.0890 1236 adpu160m - ok

09:47:57.0921 1236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:47:58.0031 1236 aec - ok

09:47:58.0062 1236 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:47:58.0093 1236 AFD - ok

09:47:58.0156 1236 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

09:47:58.0187 1236 AgereSoftModem - ok

09:47:58.0234 1236 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys

09:47:58.0234 1236 agnwifi ( UnsignedFile.Multi.Generic ) - warning

09:47:58.0234 1236 agnwifi - detected UnsignedFile.Multi.Generic (1)

09:47:58.0250 1236 Aha154x - ok

09:47:58.0265 1236 aic78u2 - ok

09:47:58.0281 1236 aic78xx - ok

09:47:58.0375 1236 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

09:47:58.0500 1236 ALCXWDM - ok

09:47:58.0515 1236 AliIde - ok

09:47:58.0546 1236 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

09:47:58.0562 1236 AmdK8 - ok

09:47:58.0578 1236 amsint - ok

09:47:58.0625 1236 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:47:58.0718 1236 Arp1394 - ok

09:47:58.0734 1236 asc - ok

09:47:58.0750 1236 asc3350p - ok

09:47:58.0765 1236 asc3550 - ok

09:47:58.0796 1236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:47:58.0890 1236 AsyncMac - ok

09:47:58.0937 1236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:47:59.0015 1236 atapi - ok

09:47:59.0031 1236 Atdisk - ok

09:47:59.0078 1236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:47:59.0171 1236 Atmarpc - ok

09:47:59.0203 1236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:47:59.0281 1236 audstub - ok

09:47:59.0328 1236 awecho (7305e36433ae7ce4a878ccc900bcf2a8) C:\WINDOWS\system32\drivers\awechomd.sys

09:47:59.0343 1236 awecho ( UnsignedFile.Multi.Generic ) - warning

09:47:59.0343 1236 awecho - detected UnsignedFile.Multi.Generic (1)

09:47:59.0375 1236 awlegacy (1464f3daf223e7a204baf1b556ee7769) C:\WINDOWS\System32\Drivers\awlegacy.sys

09:47:59.0406 1236 awlegacy ( UnsignedFile.Multi.Generic ) - warning

09:47:59.0406 1236 awlegacy - detected UnsignedFile.Multi.Generic (1)

09:47:59.0421 1236 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys

09:47:59.0453 1236 AW_HOST ( UnsignedFile.Multi.Generic ) - warning

09:47:59.0453 1236 AW_HOST - detected UnsignedFile.Multi.Generic (1)

09:47:59.0484 1236 BCSWAP (8acd4a0e6ce972882ee6db31c83cad4c) C:\WINDOWS\system32\drivers\BCSWAP.sys

09:47:59.0484 1236 BCSWAP - ok

09:47:59.0515 1236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:47:59.0609 1236 Beep - ok

09:47:59.0812 1236 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys

09:47:59.0843 1236 BHDrvx86 - ok

09:47:59.0984 1236 black (f0582c9b498d94427b64526a6d44a9c8) C:\WINDOWS\system32\drivers\BlackCat.sys

09:48:00.0000 1236 black ( UnsignedFile.Multi.Generic ) - warning

09:48:00.0000 1236 black - detected UnsignedFile.Multi.Generic (1)

09:48:00.0031 1236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:48:00.0140 1236 cbidf2k - ok

09:48:00.0156 1236 cd20xrnt - ok

09:48:00.0187 1236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:48:00.0296 1236 Cdaudio - ok

09:48:00.0328 1236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:48:00.0406 1236 Cdfs - ok

09:48:00.0453 1236 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:48:00.0468 1236 Cdrom - ok

09:48:00.0484 1236 Changer - ok

09:48:00.0500 1236 CmdIde - ok

09:48:00.0531 1236 Cpqarray - ok

09:48:00.0625 1236 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

09:48:00.0640 1236 CVirtA - ok

09:48:00.0703 1236 CVPNDRVA (aeaccdec355b5e7611120c6c10b51f82) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

09:48:00.0718 1236 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

09:48:00.0718 1236 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

09:48:00.0734 1236 dac2w2k - ok

09:48:00.0750 1236 dac960nt - ok

09:48:00.0796 1236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:48:00.0890 1236 Disk - ok

09:48:00.0953 1236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:48:01.0078 1236 dmboot - ok

09:48:01.0109 1236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:48:01.0187 1236 dmio - ok

09:48:01.0234 1236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:48:01.0312 1236 dmload - ok

09:48:01.0343 1236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:48:01.0437 1236 DMusic - ok

09:48:01.0484 1236 DNE (e471c1722f3a9e86d691a3e738318b6b) C:\WINDOWS\system32\DRIVERS\dne2000.sys

09:48:01.0515 1236 DNE - ok

09:48:01.0531 1236 dpti2o - ok

09:48:01.0578 1236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:48:01.0656 1236 drmkaud - ok

09:48:01.0750 1236 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:48:01.0781 1236 eeCtrl - ok

09:48:01.0812 1236 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:48:01.0828 1236 EraserUtilRebootDrv - ok

09:48:02.0000 1236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:48:02.0078 1236 Fastfat - ok

09:48:02.0109 1236 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

09:48:02.0140 1236 fasttx2k - ok

09:48:02.0250 1236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:48:02.0343 1236 Fdc - ok

09:48:02.0375 1236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:48:02.0453 1236 Fips - ok

09:48:02.0484 1236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:48:02.0578 1236 Flpydisk - ok

09:48:02.0625 1236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:48:02.0718 1236 FltMgr - ok

09:48:02.0734 1236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:48:02.0828 1236 Fs_Rec - ok

09:48:02.0843 1236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:48:02.0937 1236 Ftdisk - ok

09:48:02.0984 1236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:48:02.0984 1236 GEARAspiWDM - ok

09:48:03.0031 1236 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys

09:48:03.0046 1236 Gernuwa ( UnsignedFile.Multi.Generic ) - warning

09:48:03.0046 1236 Gernuwa - detected UnsignedFile.Multi.Generic (1)

09:48:03.0078 1236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:48:03.0156 1236 Gpc - ok

09:48:03.0218 1236 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:48:03.0296 1236 HDAudBus - ok

09:48:03.0343 1236 hpn - ok

09:48:03.0390 1236 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

09:48:03.0437 1236 HPZid412 - ok

09:48:03.0484 1236 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

09:48:03.0515 1236 HPZipr12 - ok

09:48:03.0609 1236 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

09:48:03.0656 1236 HPZius12 - ok

09:48:03.0687 1236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:48:03.0718 1236 HTTP - ok

09:48:03.0734 1236 i2omgmt - ok

09:48:03.0750 1236 i2omp - ok

09:48:03.0781 1236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:48:03.0875 1236 i8042prt - ok

09:48:04.0062 1236 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111219.001\IDSxpx86.sys

09:48:04.0078 1236 IDSxpx86 - ok

09:48:04.0203 1236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:48:04.0296 1236 Imapi - ok

09:48:04.0328 1236 ini910u - ok

09:48:04.0484 1236 IntcAzAudAddService (b76d32231f56bb3df236bf25f49106ae) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:48:04.0640 1236 IntcAzAudAddService - ok

09:48:04.0671 1236 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:48:04.0765 1236 IntelIde - ok

09:48:04.0812 1236 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:48:04.0890 1236 intelppm - ok

09:48:04.0921 1236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:48:05.0015 1236 Ip6Fw - ok

09:48:05.0046 1236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:48:05.0140 1236 IpFilterDriver - ok

09:48:05.0187 1236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:48:05.0281 1236 IpInIp - ok

09:48:05.0296 1236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:48:05.0390 1236 IpNat - ok

09:48:05.0437 1236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:48:05.0515 1236 IPSec - ok

09:48:05.0546 1236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:48:05.0625 1236 IRENUM - ok

09:48:05.0656 1236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:48:05.0750 1236 isapnp - ok

09:48:05.0796 1236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:48:05.0875 1236 Kbdclass - ok

09:48:05.0921 1236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:48:06.0015 1236 kmixer - ok

09:48:06.0062 1236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:48:06.0078 1236 KSecDD - ok

09:48:06.0109 1236 lbrtfdc - ok

09:48:06.0171 1236 MakoNT (b9697bd2a14efa580263543e3fddff53) C:\WINDOWS\system32\drivers\MakoNT.sys

09:48:06.0171 1236 MakoNT ( UnsignedFile.Multi.Generic ) - warning

09:48:06.0171 1236 MakoNT - detected UnsignedFile.Multi.Generic (1)

09:48:06.0218 1236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:48:06.0312 1236 mnmdd - ok

09:48:06.0343 1236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:48:06.0437 1236 Modem - ok

09:48:06.0453 1236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:48:06.0546 1236 Mouclass - ok

09:48:06.0578 1236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:48:06.0671 1236 MountMgr - ok

09:48:06.0687 1236 mraid35x - ok

09:48:06.0718 1236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:48:06.0828 1236 MRxDAV - ok

09:48:06.0968 1236 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:48:06.0984 1236 MRxSmb - ok

09:48:07.0031 1236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:48:07.0109 1236 Msfs - ok

09:48:07.0171 1236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:48:07.0250 1236 MSKSSRV - ok

09:48:07.0265 1236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:48:07.0828 1236 MSPCLOCK - ok

09:48:07.0843 1236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:48:07.0937 1236 MSPQM - ok

09:48:07.0968 1236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:48:08.0046 1236 mssmbios - ok

09:48:08.0093 1236 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:48:08.0125 1236 Mup - ok

09:48:08.0296 1236 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.035\NAVENG.SYS

09:48:08.0296 1236 NAVENG - ok

09:48:08.0390 1236 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111219.035\NAVEX15.SYS

09:48:08.0437 1236 NAVEX15 - ok

09:48:08.0546 1236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:48:08.0640 1236 NDIS - ok

09:48:08.0687 1236 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:48:08.0703 1236 NdisTapi - ok

09:48:08.0734 1236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:48:08.0812 1236 Ndisuio - ok

09:48:08.0843 1236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:48:08.0921 1236 NdisWan - ok

09:48:08.0968 1236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:48:08.0984 1236 NDProxy - ok

09:48:09.0031 1236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:48:09.0125 1236 NetBIOS - ok

09:48:09.0156 1236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:48:09.0234 1236 NetBT - ok

09:48:09.0281 1236 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:48:09.0359 1236 NIC1394 - ok

09:48:09.0421 1236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:48:09.0515 1236 Npfs - ok

09:48:09.0562 1236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:48:09.0656 1236 Ntfs - ok

09:48:09.0703 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:48:09.0812 1236 Null - ok

09:48:10.0015 1236 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:48:10.0218 1236 nv - ok

09:48:10.0265 1236 NVENETFD (0258d664f93b4b01ddd621b8c084f322) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

09:48:10.0281 1236 NVENETFD - ok

09:48:10.0343 1236 nvnetbus (56ec9207906435ef1bf02f5c68e3ffec) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

09:48:10.0375 1236 nvnetbus - ok

09:48:10.0406 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:48:10.0484 1236 NwlnkFlt - ok

09:48:10.0515 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:48:10.0609 1236 NwlnkFwd - ok

09:48:10.0703 1236 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:48:10.0796 1236 ohci1394 - ok

09:48:10.0828 1236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:48:10.0921 1236 Parport - ok

09:48:10.0968 1236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:48:11.0062 1236 PartMgr - ok

09:48:11.0093 1236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:48:11.0187 1236 ParVdm - ok

09:48:11.0218 1236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:48:11.0296 1236 PCI - ok

09:48:11.0312 1236 PCIDump - ok

09:48:11.0359 1236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:48:11.0453 1236 PCIIde - ok

09:48:11.0500 1236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:48:11.0593 1236 Pcmcia - ok

09:48:11.0609 1236 PDCOMP - ok

09:48:11.0625 1236 PDFRAME - ok

09:48:11.0640 1236 PDRELI - ok

09:48:11.0656 1236 PDRFRAME - ok

09:48:11.0671 1236 perc2 - ok

09:48:11.0687 1236 perc2hib - ok

09:48:11.0750 1236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:48:11.0843 1236 PptpMiniport - ok

09:48:11.0875 1236 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:48:11.0968 1236 Processor - ok

09:48:12.0015 1236 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

09:48:12.0031 1236 Ps2 - ok

09:48:12.0078 1236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:48:12.0171 1236 PSched - ok

09:48:12.0281 1236 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

09:48:12.0296 1236 PSI - ok

09:48:12.0328 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:48:12.0421 1236 Ptilink - ok

09:48:12.0453 1236 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:48:12.0468 1236 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

09:48:12.0468 1236 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

09:48:12.0484 1236 ql1080 - ok

09:48:12.0500 1236 Ql10wnt - ok

09:48:12.0515 1236 ql12160 - ok

09:48:12.0531 1236 ql1240 - ok

09:48:12.0546 1236 ql1280 - ok

09:48:12.0593 1236 rap (701aafe6a05ef90db2841e446941139c) C:\WINDOWS\system32\drivers\RapDrv.sys

09:48:12.0609 1236 rap ( UnsignedFile.Multi.Generic ) - warning

09:48:12.0609 1236 rap - detected UnsignedFile.Multi.Generic (1)

09:48:12.0640 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:48:12.0718 1236 RasAcd - ok

09:48:12.0765 1236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:48:12.0843 1236 Rasl2tp - ok

09:48:12.0875 1236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:48:12.0968 1236 RasPppoe - ok

09:48:12.0984 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:48:13.0062 1236 Raspti - ok

09:48:13.0109 1236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:48:13.0203 1236 Rdbss - ok

09:48:13.0234 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:48:13.0328 1236 RDPCDD - ok

09:48:13.0375 1236 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:48:13.0406 1236 RDPWD - ok

09:48:13.0453 1236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:48:13.0546 1236 redbook - ok

09:48:13.0593 1236 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

09:48:13.0625 1236 RTL8023xp - ok

09:48:13.0656 1236 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:48:13.0718 1236 rtl8139 - ok

09:48:13.0765 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:48:13.0843 1236 Secdrv - ok

09:48:13.0906 1236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:48:14.0000 1236 Serial - ok

09:48:14.0046 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:48:14.0125 1236 Sfloppy - ok

09:48:14.0140 1236 Simbad - ok

09:48:14.0156 1236 Sparrow - ok

09:48:14.0203 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:48:14.0296 1236 splitter - ok

09:48:14.0343 1236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:48:14.0437 1236 sr - ok

09:48:14.0593 1236 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS

09:48:14.0609 1236 SRTSP - ok

09:48:14.0640 1236 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS

09:48:14.0656 1236 SRTSPX - ok

09:48:14.0703 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:48:14.0734 1236 Srv - ok

09:48:14.0765 1236 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

09:48:14.0765 1236 ssadbus - ok

09:48:14.0796 1236 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

09:48:14.0812 1236 ssadmdfl - ok

09:48:14.0843 1236 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

09:48:14.0843 1236 ssadmdm - ok

09:48:14.0921 1236 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:48:14.0937 1236 sscdbus - ok

09:48:14.0984 1236 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:48:14.0984 1236 sscdmdfl - ok

09:48:15.0031 1236 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:48:15.0046 1236 sscdmdm - ok

09:48:15.0093 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:48:15.0187 1236 swenum - ok

09:48:15.0234 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:48:15.0312 1236 swmidi - ok

09:48:15.0343 1236 symc810 - ok

09:48:15.0359 1236 symc8xx - ok

09:48:15.0375 1236 SYMDNS - ok

09:48:15.0437 1236 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS

09:48:15.0453 1236 SymDS - ok

09:48:15.0500 1236 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS

09:48:15.0531 1236 SymEFA - ok

09:48:15.0562 1236 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

09:48:15.0578 1236 SymEvent - ok

09:48:15.0593 1236 SYMFW - ok

09:48:15.0609 1236 SYMIDS - ok

09:48:15.0640 1236 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS

09:48:15.0656 1236 SymIRON - ok

09:48:15.0671 1236 SYMNDIS - ok

09:48:15.0687 1236 SYMREDRV - ok

09:48:15.0750 1236 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS

09:48:15.0765 1236 SYMTDI - ok

09:48:15.0859 1236 sym_hi - ok

09:48:15.0875 1236 sym_u3 - ok

09:48:15.0921 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:48:16.0000 1236 sysaudio - ok

09:48:16.0046 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:48:16.0093 1236 Tcpip - ok

09:48:16.0125 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:48:16.0218 1236 TDPIPE - ok

09:48:16.0250 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:48:16.0328 1236 TDTCP - ok

09:48:16.0359 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:48:16.0437 1236 TermDD - ok

09:48:16.0484 1236 TosIde - ok

09:48:16.0562 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:48:16.0656 1236 Udfs - ok

09:48:16.0656 1236 ultra - ok

09:48:16.0703 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:48:16.0796 1236 Update - ok

09:48:16.0843 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:48:16.0937 1236 usbccgp - ok

09:48:16.0953 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:48:17.0062 1236 usbehci - ok

09:48:17.0140 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:48:17.0234 1236 usbhub - ok

09:48:17.0281 1236 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:48:17.0375 1236 usbohci - ok

09:48:17.0406 1236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:48:17.0500 1236 usbprint - ok

09:48:17.0531 1236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:48:17.0609 1236 usbscan - ok

09:48:17.0656 1236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:48:17.0750 1236 USBSTOR - ok

09:48:17.0796 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:48:17.0890 1236 usbuhci - ok

09:48:17.0921 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:48:18.0000 1236 VgaSave - ok

09:48:18.0031 1236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:48:18.0109 1236 ViaIde - ok

09:48:18.0156 1236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:48:18.0234 1236 VolSnap - ok

09:48:18.0281 1236 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

09:48:18.0296 1236 vsdatant - ok

09:48:18.0375 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:48:18.0468 1236 Wanarp - ok

09:48:18.0484 1236 WDICA - ok

09:48:18.0515 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:48:18.0609 1236 wdmaud - ok

09:48:18.0687 1236 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:48:18.0765 1236 WmiAcpi - ok

09:48:18.0812 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:48:18.0828 1236 WpdUsb - ok

09:48:18.0875 1236 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:48:18.0968 1236 WS2IFSL - ok

09:48:19.0015 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:48:19.0046 1236 WudfPf - ok

09:48:19.0078 1236 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

09:48:19.0093 1236 WUDFRd - ok

09:48:19.0125 1236 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0

09:48:19.0343 1236 \Device\Harddisk0\DR0 - ok

09:48:19.0359 1236 Boot (0x1200) (a5f31aa72a4263110fbc8c832f71f310) \Device\Harddisk0\DR0\Partition0

09:48:19.0359 1236 \Device\Harddisk0\DR0\Partition0 - ok

09:48:19.0359 1236 Boot (0x1200) (a8242512b851d9eaa5a5d1a2b56f3a0b) \Device\Harddisk0\DR0\Partition1

09:48:19.0359 1236 \Device\Harddisk0\DR0\Partition1 - ok

09:48:19.0390 1236 Boot (0x1200) (135ae33c9b131e70e335a4e85ef059bf) \Device\Harddisk0\DR0\Partition2

09:48:19.0390 1236 \Device\Harddisk0\DR0\Partition2 - ok

09:48:19.0390 1236 ============================================================

09:48:19.0390 1236 Scan finished

09:48:19.0390 1236 ============================================================

09:48:19.0406 4084 Detected object count: 10

09:48:19.0406 4084 Actual detected object count: 10


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OK, ComboFix all done, logs below:

Google no longer redirecting.

Whaddaya think? Am I finally clean and good to go for home banking, purchasing Malware Bytes via credit card, and such?

Thanks for all the help.

david

ComboFix 11-12-20.04 - HP_Owner 12/20/2011 12:10:53.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3197.2402 [GMT -8:00]

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: Proventia Desktop *Enabled* {FAC18DC3-C81D-408B-A3DE-7B6304B0AE90}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Start Menu\Programs\Startup\explorer.lnk

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Owner\WINDOWS

c:\windows\dasetup.log

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\Copy of spider.exe.txt

c:\windows\system32\gotomon.log

c:\windows\system32\ps2.bat

c:\windows\system32\SET195.tmp

c:\windows\system32\SET19A.tmp

c:\windows\system32\SET1A1.tmp

c:\windows\system32\SET1AE.tmp

c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll

c:\windows\updspapi.log

K:\Autorun.inf

.

Infected copy of c:\windows\system32\perfctrs.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\perfctrs.dll

.

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

Restored copy from - c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))

.

.

2011-12-20 20:27 . 2011-12-20 20:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2004-08-04 04:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 01:57 . 2011-05-15 20:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-04 19:20 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2004-08-04 04:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-04 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 11:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 04:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-04 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-08-04 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-08-04 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-18 4093288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]

"nwiz"="nwiz.exe" [2007-10-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-07 161336]

.

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

SunClock5.lnk - c:\documents and settings\HP_Owner\Application Data\Map Maker\MMManager.exe [2005-8-14 95744]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-14 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2007-8-26 869376]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-6-1 45056]

VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-6-10 1426424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2005-05-20 19:51 8704 ----a-w- c:\windows\system32\PCANotify.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 2:03 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 2:03 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 3:40 PM 819320]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 2:03 PM 136312]

R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [3/25/2006 11:19 AM 1986902]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 2:03 PM 130008]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 4:04 AM 987704]

R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\Vpatch.exe [3/25/2006 11:19 AM 426333]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:33 PM 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111219.001\IDSXpx86.sys [12/19/2011 3:46 PM 356280]

R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [3/25/2006 11:19 AM 76913]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]

R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [3/25/2006 11:19 AM 46001]

R4 black;black;c:\windows\system32\drivers\Blackcat.sys [3/25/2006 11:19 AM 234155]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 2:15 AM 135664]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 4:04 AM 399416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 2:15 AM 135664]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/4/2011 3:34 PM 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/4/2011 3:34 PM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/4/2011 3:34 PM 121576]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [1/25/2007 6:54 AM 91496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NG-ATTDIALER]

2005-06-28 19:59 111306 ----a-w- c:\windows\inf\NG-ATTDL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NG-DomesticDial]

2003-09-16 22:35 160696 ----a-w- c:\windows\inf\NG-DDial.EXE

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 04:59]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 10:14]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 10:14]

.

2011-12-20 c:\windows\Tasks\Norton Security Scan for HP_Owner.job

- c:\progra~1\NORTON~4\Engine\301~1.8\Nss.exe [2011-01-13 07:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9vssxe7w.default\

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm111YYUS&ptb=Qp6g.iBOv19qy0yFy7ryWw&psa=&ind=2010101718&ptnrS=ZLxdm111YYUS&si=2496&st=kwd&n=77cfb7d6&searchfor=

FF - prefs.js: network.proxy.ftp - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - centralproxy.northgrum.com

FF - prefs.js: network.proxy.http - westproxy.northgrum.com

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ssl - westproxy.northgrum.com

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-hpqSRMon - (no file)

Notify-AtiExtEvent - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-20 12:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-513007502-2063478617-2768938985-1009\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3304)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\SmartFTP\smarthook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\msiexec.exe

c:\progra~1\AT&TGL~1\NetCfgSv.EXE

c:\program files\ISS\Proventia Desktop\RapApp.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\hp\KBD\KBD.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system\hpsysdrv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-12-20 12:36:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-20 20:36

.

Pre-Run: 19,082,678,272 bytes free

Post-Run: 20,239,388,672 bytes free

.

- - End Of File - - 72F01FEFC74B3DB9BFC58320920C0302


Are you using a proxy server?

westproxy.northgrum.com

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9vssxe7w.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm111YYUS&ptb=Qp6g.iBOv19qy0yFy7ryWw&psa=&ind=2010101718&ptnrS=ZLxdm111YYUS&si=2496&st=kwd&n=77cfb7d6&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

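The helper's proxy question and the CFScript fix above both come down to reading a handful of log lines by eye: the Firefox prefs.js entries and the "Reg Loading Points" section. As an added example (my code, not part of the thread and not ComboFix's own), the script below parses those two kinds of lines out of ComboFix log text and flags what a responder checks: a keyword.URL or selected search engine pointing at mywebsearch.com, proxy hosts together with whether network.proxy.type actually makes them active (0 is "no proxy", 1 is "manual"), Security Center monitoring switched off, and the Windows Firewall standard profile disabled. The sample input is an excerpt of the logs posted in this thread; the finding strings and the SUSPECT_SEARCH_HOSTS list are my own. Every flag is a prompt to verify, not a verdict: a third-party suite such as Norton or Proventia legitimately disables Security Center monitoring and the built-in firewall, and a proxy entry is only meaningful if its type pref enables it.

```python
"""Triage of ComboFix/DDS-style log text: added example, not part of the
forum thread and not ComboFix's own code.  It extracts the Firefox prefs.js
lines and the REGEDIT4-style 'Reg Loading Points' entries and flags the items
a responder otherwise checks by eye."""
import re
from dataclasses import dataclass, field

# Hijacker search host seen in this thread's log; extend as needed (assumption).
SUSPECT_SEARCH_HOSTS = ("mywebsearch.com",)
# Firefox prefs that name a proxy host.  They only take effect when
# network.proxy.type is 1 (manual); 0 means "no proxy".
PROXY_HOST_PREFS = {"network.proxy.http", "network.proxy.ssl", "network.proxy.ftp",
                    "network.proxy.socks", "network.proxy.gopher"}

FF_PREF = re.compile(r"^FF - prefs\.js:\s*(?P<key>[\w.]+)\s*-\s*(?P<val>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')

# Constructed sample: an excerpt of the ComboFix logs posted in the thread.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm111YYUS&ptb=Qp6g.iBOv19qy0yFy7ryWw&psa=&ind=2010101718&ptnrS=ZLxdm111YYUS&si=2496&st=kwd&n=77cfb7d6&searchfor=
FF - prefs.js: network.proxy.http - westproxy.northgrum.com
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - westproxy.northgrum.com
FF - prefs.js: network.proxy.socks - iwebredca.ms.northgrum.com
FF - prefs.js: network.proxy.type - 0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Triage:
    ff_prefs: dict = field(default_factory=dict)  # pref name -> value
    reg: dict = field(default_factory=dict)       # (key path, value name) -> raw value


def parse_log(text: str) -> Triage:
    """Collect Firefox prefs and registry key/value pairs from log text."""
    t = Triage()
    cur_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FF_PREF.match(line):
            t.ff_prefs[m["key"]] = m["val"].strip()
        elif m := REG_KEY.match(line):
            cur_key = m["key"]
        elif cur_key and (m := REG_VAL.match(line)):
            t.reg[(cur_key, m["name"])] = m["val"].strip()
    return t


def host_of(url: str) -> str:
    """Host part of a URL; logs defang http(s) as hxxp(s), so accept both."""
    m = re.match(r"h(?:tt|xx)ps?://([^/?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def reg_int(val: str):
    """Decode the integer forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    v = val.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)", v)
    return int(m.group(1)) if m else None


def assess(t: Triage) -> list:
    """Return human-readable findings; each is a prompt to verify, not a verdict."""
    f = []
    # 1. Firefox search hijack: keyword.URL or the selected engine on a known hijacker.
    host = host_of(t.ff_prefs.get("keyword.URL", ""))
    if any(host == s or host.endswith("." + s) for s in SUSPECT_SEARCH_HOSTS):
        f.append(f"firefox keyword.URL -> {host}")
    if t.ff_prefs.get("browser.search.selectedEngine", "").lower() == "my web search":
        f.append("firefox browser.search.selectedEngine = My Web Search")
    # 2. Proxy hosts, and whether network.proxy.type makes them active at all.
    hosts = sorted({v for k, v in t.ff_prefs.items() if k in PROXY_HOST_PREFS})
    ptype = t.ff_prefs.get("network.proxy.type", "not recorded")
    if hosts and ptype == "1":
        f.append("firefox manual proxy ACTIVE: " + ", ".join(hosts))
    elif hosts:
        f.append(f"firefox proxy hosts configured but inert (network.proxy.type={ptype}): "
                 + ", ".join(hosts))
    # 3. Security Center monitoring switched off / Windows Firewall profile disabled.
    for (key, name), val in t.reg.items():
        k, n = key.lower(), name.lower()
        if "security center\\monitoring" in k and n == "disablemonitoring" and reg_int(val) == 1:
            tail = key.rsplit("\\", 1)[-1]
            f.append(f"Security Center monitoring disabled: {tail}")
        if k.endswith("firewallpolicy\\standardprofile") and n == "enablefirewall" and reg_int(val) == 0:
            f.append("Windows Firewall standard profile disabled "
                     "(expected only if a third-party firewall is active)")
    return f


if __name__ == "__main__":
    for finding in assess(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, the proxy finding comes out as "inert" because the log records network.proxy.type as 0, which is consistent with the user's later statement that the northgrum.com proxies are only used on the corporate VPN; the Security Center and firewall flags are likewise expected on a box running Norton and Proventia, which is why they are worded as things to confirm rather than as detections.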

Proxy server westproxy.northgrum.com is legit. Used by my browser when on corporate VPN.

Still good to go with Google; no more redirects.

Waiting on your all clear for anything further.

thanks again,

david

ComboFix 11-12-20.04 - HP_Owner 12/20/2011 13:33:12.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3197.2423 [GMT -8:00]

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: Proventia Desktop *Enabled* {FAC18DC3-C81D-408B-A3DE-7B6304B0AE90}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png

.

.

((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))

.

.

2011-12-20 21:43 . 2011-12-20 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2004-08-04 04:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 01:57 . 2011-05-15 20:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-04 19:20 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2004-08-04 04:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-04 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 11:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 04:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-04 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-08-04 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-08-04 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-20_20.27.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-20 21:44 . 2011-12-20 21:44 16384 c:\windows\Temp\Perflib_Perfdata_938.dat

+ 2011-12-20 21:42 . 2011-12-20 21:42 16384 c:\windows\Temp\Perflib_Perfdata_254.dat

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:43 . 2008-09-26 04:43 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:43 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe

- 2008-09-26 04:44 . 2008-09-26 04:44 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe

+ 2008-09-26 04:44 . 2011-12-20 21:00 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-18 4093288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]

"nwiz"="nwiz.exe" [2007-10-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-07 161336]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

.

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

SunClock5.lnk - c:\documents and settings\HP_Owner\Application Data\Map Maker\MMManager.exe [2005-8-14 95744]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-14 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2007-8-26 869376]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-6-1 45056]

VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-6-10 1426424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2005-05-20 19:51 8704 ----a-w- c:\windows\system32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 2:03 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 2:03 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 3:40 PM 819320]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 2:03 PM 136312]

R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [3/25/2006 11:19 AM 1986902]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 2:03 PM 130008]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 4:04 AM 987704]

R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\Vpatch.exe [3/25/2006 11:19 AM 426333]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:33 PM 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111219.001\IDSXpx86.sys [12/19/2011 3:46 PM 356280]

R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [3/25/2006 11:19 AM 76913]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]

R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [3/25/2006 11:19 AM 46001]

R4 black;black;c:\windows\system32\drivers\Blackcat.sys [3/25/2006 11:19 AM 234155]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 2:15 AM 135664]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 4:04 AM 399416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 2:15 AM 135664]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/4/2011 3:34 PM 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/4/2011 3:34 PM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/4/2011 3:34 PM 121576]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [1/25/2007 6:54 AM 91496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NG-ATTDIALER]

2005-06-28 19:59 111306 ----a-w- c:\windows\inf\NG-ATTDL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NG-DomesticDial]

2003-09-16 22:35 160696 ----a-w- c:\windows\inf\NG-DDial.EXE

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 04:59]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 10:14]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 10:14]

.

2011-12-20 c:\windows\Tasks\Norton Security Scan for HP_Owner.job

- c:\progra~1\NORTON~4\Engine\301~1.8\Nss.exe [2011-01-13 07:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9vssxe7w.default\

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - prefs.js: network.proxy.ftp - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - centralproxy.northgrum.com

FF - prefs.js: network.proxy.http - westproxy.northgrum.com

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - iwebredca.ms.northgrum.com

FF - prefs.js: network.proxy.ssl - westproxy.northgrum.com

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-20 13:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-513007502-2063478617-2768938985-1009\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1540)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\SmartFTP\smarthook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\msiexec.exe

c:\progra~1\AT&TGL~1\NetCfgSv.EXE

c:\program files\ISS\Proventia Desktop\RapApp.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\hp\KBD\KBD.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system\hpsysdrv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-12-20 13:50:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-20 21:50

ComboFix2.txt 2011-12-20 20:36

.

Pre-Run: 20,188,823,552 bytes free

Post-Run: 20,230,963,200 bytes free

.

- - End Of File - - C79C77B18CFD11D652ADDA110A6F4BD6


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Hmmm. Thought I had already replied, but looks like not.

Thanks for all the help. Purchased version now on my box.

I currently run Norton Internet Security, which does auto updates daily, and as I understand it, also provides a firewall. Additionally, I'm behind a router.

I also incorporate all MS updates as they become available.

Gotta figure I'm in pretty good shape now. Using a separate box to do all password changes just to be overly safe.

Thanks again for all your help.

david
