Jump to content

Redirects - popups - etc....


Recommended Posts

Hello,

I have what appears to be a situation similar to most others here. I get pop-ups and redirects, as well as the fact that my pc doesn't automatically connect to the internet. In order to connect, I have to manually start the DCHP process in Services. Per the instructions Below are the contents of the dds.txt file. the ark and attach.txt files are also zipped and attached.

Also, I had previously run Norton, and received the following message: (Backdoor.Tidserv.I!inf) detected by Virus scanner and Auto-Protect,Manual Removal Required - the only problem is I can't figuire out a way to do it.

I appreciate any help you can provide - Thanks!

DDS.TXT information:

DDS (Ver_10-12-05.01) - NTFSx86

Run by Authorized User at 21:28:07.16 on Wed 12/08/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.998 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Authorized User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipalbum 6 pro\FpLaunch.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CHotkey] mHotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: stumbleupon.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1250314071953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-7 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-7 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-7 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-7 116784]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-7 126392]

R2 WinDriver;WinDriver;c:\windows\system32\drivers\windrvr.sys [2006-9-17 90688]

R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-30 2944]

R3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-30 60416]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-30 11008]

R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-30 10368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101208.001\IDSXpx86.sys [2010-12-8 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101208.002\NAVENG.SYS [2010-12-8 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101208.002\NAVEX15.SYS [2010-12-8 1371184]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-4-29 230448]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

=============== Created Last 30 ================

2010-12-08 22:20:31 36352 ----a-w- c:\windows\system32\drivers\OLD6A6.tmp

2010-12-08 22:20:25 36352 ----a-w- c:\windows\system32\drivers\OLD6A3.tmp

2010-12-08 22:20:18 36352 ----a-w- c:\windows\system32\drivers\OLD6A0.tmp

2010-12-08 22:20:13 36352 ----a-w- c:\windows\system32\drivers\OLD69D.tmp

2010-12-08 22:20:07 36352 ----a-w- c:\windows\system32\drivers\OLD69A.tmp

2010-12-08 22:20:01 36352 ----a-w- c:\windows\system32\drivers\OLD697.tmp

2010-12-08 22:19:55 36352 ----a-w- c:\windows\system32\drivers\OLD694.tmp

2010-12-08 22:19:49 36352 ----a-w- c:\windows\system32\drivers\OLD691.tmp

2010-12-08 22:19:43 36352 ----a-w- c:\windows\system32\drivers\OLD68E.tmp

2010-12-08 22:19:37 36352 ----a-w- c:\windows\system32\drivers\OLD68B.tmp

2010-12-08 22:19:31 36352 ----a-w- c:\windows\system32\drivers\OLD688.tmp

2010-12-08 22:19:25 36352 ----a-w- c:\windows\system32\drivers\OLD685.tmp

2010-12-08 22:19:19 36352 ----a-w- c:\windows\system32\drivers\OLD682.tmp

2010-12-08 22:19:13 36352 ----a-w- c:\windows\system32\drivers\OLD67F.tmp

2010-12-08 22:19:07 36352 ----a-w- c:\windows\system32\drivers\OLD67C.tmp

2010-12-08 22:19:01 36352 ----a-w- c:\windows\system32\drivers\OLD679.tmp

2010-12-08 22:18:56 36352 ----a-w- c:\windows\system32\drivers\OLD676.tmp

2010-12-08 22:18:50 36352 ----a-w- c:\windows\system32\drivers\OLD673.tmp

2010-12-08 22:18:44 36352 ----a-w- c:\windows\system32\drivers\OLD670.tmp

2010-12-08 22:18:38 36352 ----a-w- c:\windows\system32\drivers\OLD66D.tmp

2010-12-08 22:18:32 36352 ----a-w- c:\windows\system32\drivers\OLD66A.tmp

2010-12-08 22:18:26 36352 ----a-w- c:\windows\system32\drivers\OLD667.tmp

2010-12-08 22:18:20 36352 ----a-w- c:\windows\system32\drivers\OLD664.tmp

2010-12-08 22:18:15 36352 ----a-w- c:\windows\system32\drivers\OLD661.tmp

2010-12-08 22:18:09 36352 ----a-w- c:\windows\system32\drivers\OLD65E.tmp

2010-12-08 22:18:03 36352 ----a-w- c:\windows\system32\drivers\OLD65B.tmp

2010-12-08 22:17:57 36352 ----a-w- c:\windows\system32\drivers\OLD658.tmp

2010-12-08 22:17:51 36352 ----a-w- c:\windows\system32\drivers\OLD655.tmp

2010-12-08 22:17:45 36352 ----a-w- c:\windows\system32\drivers\OLD652.tmp

2010-12-08 22:17:39 36352 ----a-w- c:\windows\system32\drivers\OLD64F.tmp

2010-12-08 22:17:33 36352 ----a-w- c:\windows\system32\drivers\OLD64C.tmp

2010-12-08 22:17:27 36352 ----a-w- c:\windows\system32\drivers\OLD649.tmp

2010-12-08 22:17:21 36352 ----a-w- c:\windows\system32\drivers\OLD646.tmp

2010-12-08 22:17:15 36352 ----a-w- c:\windows\system32\drivers\OLD643.tmp

2010-12-08 22:17:09 36352 ----a-w- c:\windows\system32\drivers\OLD640.tmp

2010-12-08 22:17:03 36352 ----a-w- c:\windows\system32\drivers\OLD63D.tmp

2010-12-08 22:16:57 36352 ----a-w- c:\windows\system32\drivers\OLD63A.tmp

2010-12-08 22:16:51 36352 ----a-w- c:\windows\system32\drivers\OLD637.tmp

2010-12-08 22:16:45 36352 ----a-w- c:\windows\system32\drivers\OLD634.tmp

2010-12-08 22:16:38 36352 ----a-w- c:\windows\system32\drivers\OLD631.tmp

2010-12-08 22:16:32 36352 ----a-w- c:\windows\system32\drivers\OLD62E.tmp

2010-12-08 22:16:26 36352 ----a-w- c:\windows\system32\drivers\OLD62B.tmp

2010-12-08 22:16:20 36352 ----a-w- c:\windows\system32\drivers\OLD628.tmp

2010-12-08 22:16:14 36352 ----a-w- c:\windows\system32\drivers\OLD625.tmp

2010-12-08 22:16:08 36352 ----a-w- c:\windows\system32\drivers\OLD622.tmp

2010-12-08 22:16:02 36352 ----a-w- c:\windows\system32\drivers\OLD61F.tmp

2010-12-08 22:15:56 36352 ----a-w- c:\windows\system32\drivers\OLD61C.tmp

2010-12-08 22:15:50 36352 ----a-w- c:\windows\system32\drivers\OLD619.tmp

2010-12-08 22:15:44 36352 ----a-w- c:\windows\system32\drivers\OLD616.tmp

2010-12-08 22:15:38 36352 ----a-w- c:\windows\system32\drivers\OLD613.tmp

2010-12-08 22:15:30 36352 ----a-w- c:\windows\system32\drivers\OLD610.tmp

2010-12-08 22:15:24 36352 ----a-w- c:\windows\system32\drivers\OLD60D.tmp

2010-12-08 22:15:19 36352 ----a-w- c:\windows\system32\drivers\OLD60A.tmp

2010-12-08 22:15:13 36352 ----a-w- c:\windows\system32\drivers\OLD607.tmp

2010-12-08 22:15:07 36352 ----a-w- c:\windows\system32\drivers\OLD604.tmp

2010-12-08 22:15:01 36352 ----a-w- c:\windows\system32\drivers\OLD601.tmp

2010-12-08 22:14:54 36352 ----a-w- c:\windows\system32\drivers\OLD5FE.tmp

2010-12-08 22:14:48 36352 ----a-w- c:\windows\system32\drivers\OLD5FB.tmp

2010-12-08 22:14:42 36352 ----a-w- c:\windows\system32\drivers\OLD5F8.tmp

2010-12-08 22:14:36 36352 ----a-w- c:\windows\system32\drivers\OLD5F5.tmp

2010-12-08 22:14:30 36352 ----a-w- c:\windows\system32\drivers\OLD5F2.tmp

2010-12-08 22:14:23 36352 ----a-w- c:\windows\system32\drivers\OLD5EF.tmp

2010-12-08 22:14:17 36352 ----a-w- c:\windows\system32\drivers\OLD5EC.tmp

2010-12-08 22:14:12 36352 ----a-w- c:\windows\system32\drivers\OLD5E9.tmp

2010-12-08 22:14:05 36352 ----a-w- c:\windows\system32\drivers\OLD5E6.tmp

2010-12-08 22:13:59 36352 ----a-w- c:\windows\system32\drivers\OLD5E3.tmp

2010-12-08 22:13:53 36352 ----a-w- c:\windows\system32\drivers\OLD5E0.tmp

2010-12-08 22:13:47 36352 ----a-w- c:\windows\system32\drivers\OLD5DD.tmp

2010-12-08 22:13:41 36352 ----a-w- c:\windows\system32\drivers\OLD5DA.tmp

2010-12-08 22:13:36 36352 ----a-w- c:\windows\system32\drivers\OLD5D7.tmp

2010-12-08 22:13:30 36352 ----a-w- c:\windows\system32\drivers\OLD5D4.tmp

2010-12-08 22:13:24 36352 ----a-w- c:\windows\system32\drivers\OLD5D1.tmp

2010-12-08 22:13:17 36352 ----a-w- c:\windows\system32\drivers\OLD5CE.tmp

2010-12-08 22:13:11 36352 ----a-w- c:\windows\system32\drivers\OLD5CB.tmp

2010-12-08 22:13:05 36352 ----a-w- c:\windows\system32\drivers\OLD5C8.tmp

2010-12-08 22:12:59 36352 ----a-w- c:\windows\system32\drivers\OLD5C5.tmp

2010-12-08 22:12:53 36352 ----a-w- c:\windows\system32\drivers\OLD5C2.tmp

2010-12-08 22:12:47 36352 ----a-w- c:\windows\system32\drivers\OLD5BF.tmp

2010-12-08 22:12:41 36352 ----a-w- c:\windows\system32\drivers\OLD5BC.tmp

2010-12-08 22:12:36 36352 ----a-w- c:\windows\system32\drivers\OLD5B9.tmp

2010-12-08 22:12:29 36352 ----a-w- c:\windows\system32\drivers\OLD5B6.tmp

2010-12-08 22:12:23 36352 ----a-w- c:\windows\system32\drivers\OLD5B3.tmp

2010-12-08 22:12:17 36352 ----a-w- c:\windows\system32\drivers\OLD5B0.tmp

2010-12-08 22:12:12 36352 ----a-w- c:\windows\system32\drivers\OLD5AD.tmp

2010-12-08 22:12:05 36352 ----a-w- c:\windows\system32\drivers\OLD5AA.tmp

2010-12-08 22:11:59 36352 ----a-w- c:\windows\system32\drivers\OLD5A7.tmp

2010-12-08 22:11:53 36352 ----a-w- c:\windows\system32\drivers\OLD5A4.tmp

2010-12-08 22:11:46 36352 ----a-w- c:\windows\system32\drivers\OLD5A1.tmp

2010-12-08 22:11:40 36352 ----a-w- c:\windows\system32\drivers\OLD59E.tmp

2010-12-08 22:11:35 36352 ----a-w- c:\windows\system32\drivers\OLD59B.tmp

2010-12-08 22:11:29 36352 ----a-w- c:\windows\system32\drivers\OLD598.tmp

2010-12-08 22:11:23 36352 ----a-w- c:\windows\system32\drivers\OLD595.tmp

2010-12-08 22:11:17 36352 ----a-w- c:\windows\system32\drivers\OLD592.tmp

2010-12-08 22:11:11 36352 ----a-w- c:\windows\system32\drivers\OLD58F.tmp

2010-12-08 22:11:05 36352 ----a-w- c:\windows\system32\drivers\OLD58C.tmp

2010-12-08 22:10:59 36352 ----a-w- c:\windows\system32\drivers\OLD589.tmp

2010-12-08 22:10:54 36352 ----a-w- c:\windows\system32\drivers\OLD586.tmp

2010-12-08 22:10:48 36352 ----a-w- c:\windows\system32\drivers\OLD583.tmp

2010-12-08 22:10:42 36352 ----a-w- c:\windows\system32\drivers\OLD580.tmp

2010-12-08 22:10:36 36352 ----a-w- c:\windows\system32\drivers\OLD57D.tmp

2010-12-08 22:10:30 36352 ----a-w- c:\windows\system32\drivers\OLD57A.tmp

2010-12-08 22:10:24 36352 ----a-w- c:\windows\system32\drivers\OLD577.tmp

2010-12-08 22:10:18 36352 ----a-w- c:\windows\system32\drivers\OLD574.tmp

2010-12-08 22:10:11 36352 ----a-w- c:\windows\system32\drivers\OLD571.tmp

2010-12-08 22:10:06 36352 ----a-w- c:\windows\system32\drivers\OLD56E.tmp

2010-12-08 22:10:00 36352 ----a-w- c:\windows\system32\drivers\OLD56B.tmp

2010-12-08 22:09:54 36352 ----a-w- c:\windows\system32\drivers\OLD568.tmp

2010-12-08 22:09:48 36352 ----a-w- c:\windows\system32\drivers\OLD565.tmp

2010-12-08 22:09:42 36352 ----a-w- c:\windows\system32\drivers\OLD562.tmp

2010-12-08 22:09:37 36352 ----a-w- c:\windows\system32\drivers\OLD55F.tmp

2010-12-08 22:09:31 36352 ----a-w- c:\windows\system32\drivers\OLD55C.tmp

2010-12-08 22:09:25 36352 ----a-w- c:\windows\system32\drivers\OLD559.tmp

2010-12-08 22:09:15 36352 ----a-w- c:\windows\system32\drivers\OLD556.tmp

2010-12-08 22:09:08 36352 ----a-w- c:\windows\system32\drivers\OLD553.tmp

2010-12-08 22:08:57 36352 ----a-w- c:\windows\system32\drivers\OLD550.tmp

2010-12-08 22:08:51 36352 ----a-w- c:\windows\system32\drivers\OLD54D.tmp

2010-12-08 22:08:42 36352 ----a-w- c:\windows\system32\drivers\OLD54A.tmp

2010-12-08 22:08:36 36352 ----a-w- c:\windows\system32\drivers\OLD547.tmp

2010-12-08 22:07:18 36352 ----a-w- c:\windows\system32\drivers\OLD541.tmp

2010-12-08 22:07:10 36352 ----a-w- c:\windows\system32\drivers\OLD53E.tmp

2010-12-08 22:07:02 36352 ----a-w- c:\windows\system32\drivers\OLD53B.tmp

2010-12-08 22:06:56 36352 ----a-w- c:\windows\system32\drivers\OLD538.tmp

2010-12-08 22:06:48 36352 ----a-w- c:\windows\system32\drivers\OLD535.tmp

2010-12-08 22:06:39 36352 ----a-w- c:\windows\system32\drivers\OLD532.tmp

2010-12-08 22:06:30 36352 ----a-w- c:\windows\system32\drivers\OLD52F.tmp

2010-12-08 22:06:24 36352 ----a-w- c:\windows\system32\drivers\OLD52C.tmp

2010-12-08 22:06:18 36352 ----a-w- c:\windows\system32\drivers\OLD529.tmp

2010-12-08 22:06:09 36352 ----a-w- c:\windows\system32\drivers\OLD526.tmp

2010-12-08 22:06:03 36352 ----a-w- c:\windows\system32\drivers\OLD523.tmp

2010-12-08 22:05:55 36352 ----a-w- c:\windows\system32\drivers\OLD520.tmp

2010-12-08 22:05:45 36352 ----a-w- c:\windows\system32\drivers\OLD51D.tmp

2010-12-08 22:05:37 36352 ----a-w- c:\windows\system32\drivers\OLD51A.tmp

2010-12-08 22:05:31 36352 ----a-w- c:\windows\system32\drivers\OLD517.tmp

2010-12-08 22:05:24 36352 ----a-w- c:\windows\system32\drivers\OLD514.tmp

2010-12-08 22:05:17 36352 ----a-w- c:\windows\system32\drivers\OLD511.tmp

2010-12-08 22:05:10 36352 ----a-w- c:\windows\system32\drivers\OLD50E.tmp

2010-12-08 22:05:03 36352 ----a-w- c:\windows\system32\drivers\OLD50B.tmp

2010-12-08 22:04:57 36352 ----a-w- c:\windows\system32\drivers\OLD508.tmp

2010-12-08 22:04:48 36352 ----a-w- c:\windows\system32\drivers\OLD505.tmp

2010-12-08 22:04:42 36352 ----a-w- c:\windows\system32\drivers\OLD502.tmp

2010-12-08 22:04:35 36352 ----a-w- c:\windows\system32\drivers\OLD4FF.tmp

2010-12-08 22:04:27 36352 ----a-w- c:\windows\system32\drivers\OLD4FC.tmp

2010-12-08 22:04:19 36352 ----a-w- c:\windows\system32\drivers\OLD4F9.tmp

2010-12-08 22:04:13 36352 ----a-w- c:\windows\system32\drivers\OLD4F6.tmp

2010-12-08 22:02:55 36352 ----a-w- c:\windows\system32\drivers\OLD4F0.tmp

2010-12-08 22:02:47 36352 ----a-w- c:\windows\system32\drivers\OLD4ED.tmp

2010-12-08 22:02:41 36352 ----a-w- c:\windows\system32\drivers\OLD4EA.tmp

2010-12-08 22:02:34 36352 ----a-w- c:\windows\system32\drivers\OLD4E7.tmp

2010-12-08 22:02:26 36352 ----a-w- c:\windows\system32\drivers\OLD4E4.tmp

2010-12-08 22:02:21 36352 ----a-w- c:\windows\system32\drivers\OLD4E1.tmp

2010-12-08 22:02:14 36352 ----a-w- c:\windows\system32\drivers\OLD4DE.tmp

2010-12-08 22:02:07 36352 ----a-w- c:\windows\system32\drivers\OLD4DB.tmp

2010-12-08 22:01:59 36352 ----a-w- c:\windows\system32\drivers\OLD4D8.tmp

2010-12-08 22:01:52 36352 ----a-w- c:\windows\system32\drivers\OLD4D5.tmp

2010-12-08 22:01:42 36352 ----a-w- c:\windows\system32\drivers\OLD4D2.tmp

2010-12-08 22:01:33 36352 ----a-w- c:\windows\system32\drivers\OLD4CF.tmp

2010-12-08 22:01:26 36352 ----a-w- c:\windows\system32\drivers\OLD4CC.tmp

2010-12-08 22:01:18 36352 ----a-w- c:\windows\system32\drivers\OLD4C9.tmp

2010-12-08 22:01:12 36352 ----a-w- c:\windows\system32\drivers\OLD4C6.tmp

2010-12-08 22:01:02 36352 ----a-w- c:\windows\system32\drivers\OLD4C3.tmp

2010-12-08 22:00:56 36352 ----a-w- c:\windows\system32\drivers\OLD4C0.tmp

2010-12-08 22:00:49 36352 ----a-w- c:\windows\system32\drivers\OLD4BD.tmp

2010-12-08 22:00:42 36352 ----a-w- c:\windows\system32\drivers\OLD4BA.tmp

2010-12-08 22:00:35 36352 ----a-w- c:\windows\system32\drivers\OLD4B7.tmp

2010-12-08 22:00:29 36352 ----a-w- c:\windows\system32\drivers\OLD4B4.tmp

2010-12-08 22:00:21 36352 ----a-w- c:\windows\system32\drivers\OLD4B1.tmp

2010-12-08 22:00:14 36352 ----a-w- c:\windows\system32\drivers\OLD4AE.tmp

2010-12-08 22:00:08 36352 ----a-w- c:\windows\system32\drivers\OLD4AB.tmp

2010-12-08 22:00:00 36352 ----a-w- c:\windows\system32\drivers\OLD4A8.tmp

2010-12-08 21:59:54 36352 ----a-w- c:\windows\system32\drivers\OLD4A5.tmp

2010-12-08 21:59:46 36352 ----a-w- c:\windows\system32\drivers\OLD4A2.tmp

2010-12-08 21:59:40 36352 ----a-w- c:\windows\system32\drivers\OLD49F.tmp

2010-12-08 21:59:33 36352 ----a-w- c:\windows\system32\drivers\OLD49C.tmp

2010-12-08 21:59:26 36352 ----a-w- c:\windows\system32\drivers\OLD499.tmp

2010-12-08 21:59:18 36352 ----a-w- c:\windows\system32\drivers\OLD496.tmp

2010-12-08 21:59:12 36352 ----a-w- c:\windows\system32\drivers\OLD493.tmp

2010-12-08 21:59:04 36352 ----a-w- c:\windows\system32\drivers\OLD490.tmp

2010-12-08 21:58:56 36352 ----a-w- c:\windows\system32\drivers\OLD48D.tmp

2010-12-08 21:58:50 36352 ----a-w- c:\windows\system32\drivers\OLD48A.tmp

2010-12-08 21:57:34 36352 ----a-w- c:\windows\system32\drivers\OLD484.tmp

2010-12-08 21:57:25 36352 ----a-w- c:\windows\system32\drivers\OLD481.tmp

2010-12-08 21:57:18 36352 ----a-w- c:\windows\system32\drivers\OLD47E.tmp

2010-12-08 21:57:11 36352 ----a-w- c:\windows\system32\drivers\OLD47B.tmp

2010-12-08 21:57:06 36352 ----a-w- c:\windows\system32\drivers\OLD478.tmp

2010-12-08 21:56:58 36352 ----a-w- c:\windows\system32\drivers\OLD475.tmp

2010-12-08 21:56:46 36352 ----a-w- c:\windows\system32\drivers\OLD472.tmp

2010-12-08 21:56:38 36352 ----a-w- c:\windows\system32\drivers\OLD46F.tmp

2010-12-08 21:56:33 36352 ----a-w- c:\windows\system32\drivers\OLD46C.tmp

2010-12-08 21:56:26 36352 ----a-w- c:\windows\system32\drivers\OLD469.tmp

2010-12-08 21:56:18 36352 ----a-w- c:\windows\system32\drivers\OLD466.tmp

2010-12-08 21:56:11 36352 ----a-w- c:\windows\system32\drivers\OLD463.tmp

2010-12-08 21:56:06 36352 ----a-w- c:\windows\system32\drivers\OLD460.tmp

2010-12-08 21:55:57 36352 ----a-w- c:\windows\system32\drivers\OLD45D.tmp

2010-12-08 21:55:46 36352 ----a-w- c:\windows\system32\drivers\OLD45A.tmp

2010-12-08 21:55:39 36352 ----a-w- c:\windows\system32\drivers\OLD457.tmp

2010-12-08 21:55:32 36352 ----a-w- c:\windows\system32\drivers\OLD454.tmp

2010-12-08 21:55:26 36352 ----a-w- c:\windows\system32\drivers\OLD451.tmp

2010-12-08 21:55:18 36352 ----a-w- c:\windows\system32\drivers\OLD44E.tmp

2010-12-08 21:55:12 36352 ----a-w- c:\windows\system32\drivers\OLD44B.tmp

2010-12-08 21:55:01 36352 ----a-w- c:\windows\system32\drivers\OLD448.tmp

2010-12-08 21:54:51 36352 ----a-w- c:\windows\system32\drivers\OLD445.tmp

2010-12-08 21:54:41 36352 ----a-w- c:\windows\system32\drivers\OLD442.tmp

2010-12-08 21:54:33 36352 ----a-w- c:\windows\system32\drivers\OLD43F.tmp

2010-12-08 21:54:27 36352 ----a-w- c:\windows\system32\drivers\OLD43C.tmp

2010-12-08 21:54:18 36352 ----a-w- c:\windows\system32\drivers\OLD439.tmp

2010-12-08 21:54:11 36352 ----a-w- c:\windows\system32\drivers\OLD436.tmp

2010-12-08 21:54:04 36352 ----a-w- c:\windows\system32\drivers\OLD433.tmp

2010-12-08 21:53:54 36352 ----a-w- c:\windows\system32\drivers\OLD430.tmp

2010-12-08 21:53:46 36352 ----a-w- c:\windows\system32\drivers\OLD42D.tmp

2010-12-08 21:53:36 36352 ----a-w- c:\windows\system32\drivers\OLD42A.tmp

2010-12-08 21:53:28 36352 ----a-w- c:\windows\system32\drivers\OLD427.tmp

2010-12-08 21:53:19 36352 ----a-w- c:\windows\system32\drivers\OLD424.tmp

2010-12-08 21:53:09 36352 ----a-w- c:\windows\system32\drivers\OLD421.tmp

2010-12-08 21:53:03 36352 ----a-w- c:\windows\system32\drivers\OLD41E.tmp

2010-12-08 21:52:57 36352 ----a-w- c:\windows\system32\drivers\OLD41B.tmp

2010-12-08 21:52:47 36352 ----a-w- c:\windows\system32\drivers\OLD418.tmp

2010-12-08 21:52:36 36352 ----a-w- c:\windows\system32\drivers\OLD415.tmp

2010-12-08 21:52:30 36352 ----a-w- c:\windows\system32\drivers\OLD412.tmp

2010-12-08 21:52:23 36352 ----a-w- c:\windows\system32\drivers\OLD40F.tmp

2010-12-08 21:52:13 36352 ----a-w- c:\windows\system32\drivers\OLD40C.tmp

2010-12-08 21:52:02 36352 ----a-w- c:\windows\system32\drivers\OLD409.tmp

2010-12-08 21:51:52 36352 ----a-w- c:\windows\system32\drivers\OLD406.tmp

2010-12-08 21:51:45 36352 ----a-w- c:\windows\system32\drivers\OLD403.tmp

2010-12-08 21:51:36 36352 ----a-w- c:\windows\system32\drivers\OLD400.tmp

2010-12-08 21:51:29 36352 ----a-w- c:\windows\system32\drivers\OLD3FD.tmp

2010-12-08 21:51:23 36352 ----a-w- c:\windows\system32\drivers\OLD3FA.tmp

2010-12-08 21:51:14 36352 ----a-w- c:\windows\system32\drivers\OLD3F7.tmp

2010-12-08 21:51:09 36352 ----a-w- c:\windows\system32\drivers\OLD3F4.tmp

2010-12-08 21:51:03 36352 ----a-w- c:\windows\system32\drivers\OLD3F1.tmp

2010-12-08 21:50:57 36352 ----a-w- c:\windows\system32\drivers\OLD3EE.tmp

2010-12-08 21:50:51 36352 ----a-w- c:\windows\system32\drivers\OLD3EB.tmp

2010-12-08 21:50:45 36352 ----a-w- c:\windows\system32\drivers\OLD3E8.tmp

2010-12-08 21:50:40 36352 ----a-w- c:\windows\system32\drivers\OLD3E5.tmp

2010-12-08 21:50:34 36352 ----a-w- c:\windows\system32\drivers\OLD3E2.tmp

2010-12-08 21:50:27 36352 ----a-w- c:\windows\system32\drivers\OLD3DF.tmp

2010-12-08 21:50:21 36352 ----a-w- c:\windows\system32\drivers\OLD3DC.tmp

2010-12-08 21:50:15 36352 ----a-w- c:\windows\system32\drivers\OLD3D9.tmp

2010-12-08 21:50:08 36352 ----a-w- c:\windows\system32\drivers\OLD3D6.tmp

2010-12-08 21:50:02 36352 ----a-w- c:\windows\system32\drivers\OLD3D3.tmp

2010-12-08 21:49:55 36352 ----a-w- c:\windows\system32\drivers\OLD3D0.tmp

2010-12-08 21:49:47 36352 ----a-w- c:\windows\system32\drivers\OLD3CD.tmp

2010-12-08 21:49:41 36352 ----a-w- c:\windows\system32\drivers\OLD3CA.tmp

2010-12-08 21:47:56 36352 ----a-w- c:\windows\system32\drivers\OLD3C3.tmp

2010-12-08 21:47:50 36352 ----a-w- c:\windows\system32\drivers\OLD3C0.tmp

2010-12-08 21:47:43 36352 ----a-w- c:\windows\system32\drivers\OLD3BD.tmp

2010-12-08 21:47:36 36352 ----a-w- c:\windows\system32\drivers\OLD3BA.tmp

2010-12-08 21:47:29 36352 ----a-w- c:\windows\system32\drivers\OLD3B7.tmp

2010-12-08 21:47:22 36352 ----a-w- c:\windows\system32\drivers\OLD3B4.tmp

2010-12-08 21:47:13 36352 ----a-w- c:\windows\system32\drivers\OLD3B1.tmp

2010-12-08 21:47:05 36352 ----a-w- c:\windows\system32\drivers\OLD3AE.tmp

2010-12-08 21:46:58 36352 ----a-w- c:\windows\system32\drivers\OLD3AB.tmp

2010-12-08 21:46:51 36352 ----a-w- c:\windows\system32\drivers\OLD3A8.tmp

2010-12-08 21:46:44 36352 ----a-w- c:\windows\system32\drivers\OLD3A5.tmp

2010-12-08 21:46:38 36352 ----a-w- c:\windows\system32\drivers\OLD3A2.tmp

2010-12-08 21:46:31 36352 ----a-w- c:\windows\system32\drivers\OLD39F.tmp

2010-12-08 21:46:23 36352 ----a-w- c:\windows\system32\drivers\OLD39C.tmp

2010-12-08 21:46:17 36352 ----a-w- c:\windows\system32\drivers\OLD399.tmp

2010-12-08 21:46:10 36352 ----a-w- c:\windows\system32\drivers\OLD396.tmp

2010-12-08 21:46:04 36352 ----a-w- c:\windows\system32\drivers\OLD393.tmp

2010-12-08 21:45:57 36352 ----a-w- c:\windows\system32\drivers\OLD390.tmp

2010-12-08 21:45:51 36352 ----a-w- c:\windows\system32\drivers\OLD38C.tmp

2010-12-08 21:45:44 36352 ----a-w- c:\windows\system32\drivers\OLD388.tmp

2010-12-08 21:45:38 36352 ----a-w- c:\windows\system32\drivers\OLD385.tmp

2010-12-08 21:45:32 36352 ----a-w- c:\windows\system32\drivers\OLD382.tmp

2010-12-08 21:45:25 36352 ----a-w- c:\windows\system32\drivers\OLD37F.tmp

2010-12-08 21:45:19 36352 ----a-w- c:\windows\system32\drivers\OLD37C.tmp

2010-12-08 21:45:11 36352 ----a-w- c:\windows\system32\drivers\OLD379.tmp

2010-12-08 21:45:05 36352 ----a-w- c:\windows\system32\drivers\OLD376.tmp

2010-12-08 21:44:58 36352 ----a-w- c:\windows\system32\drivers\OLD373.tmp

2010-12-08 21:44:52 36352 ----a-w- c:\windows\system32\drivers\OLD370.tmp

2010-12-08 21:44:45 36352 ----a-w- c:\windows\system32\drivers\OLD36D.tmp

2010-12-08 21:44:39 36352 ----a-w- c:\windows\system32\drivers\OLD36A.tmp

2010-12-08 21:44:30 36352 ----a-w- c:\windows\system32\drivers\OLD367.tmp

2010-12-08 21:44:19 36352 ----a-w- c:\windows\system32\drivers\OLD364.tmp

2010-12-08 21:44:13 36352 ----a-w- c:\windows\system32\drivers\OLD361.tmp

2010-12-08 21:44:05 36352 ----a-w- c:\windows\system32\drivers\OLD35E.tmp

2010-12-08 21:43:57 36352 ----a-w- c:\windows\system32\drivers\OLD35A.tmp

2010-12-08 21:43:51 36352 ----a-w- c:\windows\system32\drivers\OLD357.tmp

2010-12-08 21:43:44 36352 ----a-w- c:\windows\system32\drivers\OLD354.tmp

2010-12-08 21:43:36 36352 ----a-w- c:\windows\system32\drivers\OLD351.tmp

2010-12-08 21:43:31 36352 ----a-w- c:\windows\system32\drivers\OLD34D.tmp

2010-12-08 21:43:24 36352 ----a-w- c:\windows\system32\drivers\OLD34A.tmp

2010-12-08 21:43:17 36352 ----a-w- c:\windows\system32\drivers\OLD347.tmp

2010-12-08 21:43:10 36352 ----a-w- c:\windows\system32\drivers\OLD344.tmp

2010-12-08 21:43:04 36352 ----a-w- c:\windows\system32\drivers\OLD341.tmp

2010-12-08 21:42:58 36352 ----a-w- c:\windows\system32\drivers\OLD33E.tmp

2010-12-08 21:42:51 36352 ----a-w- c:\windows\system32\drivers\OLD33B.tmp

2010-12-08 21:42:44 36352 ----a-w- c:\windows\system32\drivers\OLD338.tmp

2010-12-08 21:42:37 36352 ----a-w- c:\windows\system32\drivers\OLD335.tmp

2010-12-08 21:42:31 36352 ----a-w- c:\windows\system32\drivers\OLD332.tmp

2010-12-08 21:42:24 36352 ----a-w- c:\windows\system32\drivers\OLD32F.tmp

2010-12-08 21:42:16 36352 ----a-w- c:\windows\system32\drivers\OLD32C.tmp

2010-12-08 21:42:10 36352 ----a-w- c:\windows\system32\drivers\OLD329.tmp

2010-12-08 21:42:03 36352 ----a-w- c:\windows\system32\drivers\OLD326.tmp

2010-12-08 21:41:56 36352 ----a-w- c:\windows\system32\drivers\OLD323.tmp

2010-12-08 21:41:49 36352 ----a-w- c:\windows\system32\drivers\OLD320.tmp

2010-12-08 21:41:42 36352 ----a-w- c:\windows\system32\drivers\OLD31D.tmp

2010-12-08 21:41:35 36352 ----a-w- c:\windows\system32\drivers\OLD31A.tmp

2010-12-08 21:41:27 36352 ----a-w- c:\windows\system32\drivers\OLD317.tmp

2010-12-08 21:41:21 36352 ----a-w- c:\windows\system32\drivers\OLD314.tmp

2010-12-08 21:41:14 36352 ----a-w- c:\windows\system32\drivers\OLD311.tmp

2010-12-08 21:41:06 36352 ----a-w- c:\windows\system32\drivers\OLD30E.tmp

2010-12-08 21:40:57 36352 ----a-w- c:\windows\system32\drivers\OLD30B.tmp

2010-12-08 21:40:50 36352 ----a-w- c:\windows\system32\drivers\OLD308.tmp

2010-12-08 21:40:44 36352 ----a-w- c:\windows\system32\drivers\OLD305.tmp

2010-12-08 21:40:38 36352 ----a-w- c:\windows\system32\drivers\OLD302.tmp

2010-12-08 21:40:32 36352 ----a-w- c:\windows\system32\drivers\OLD2FF.tmp

2010-12-08 21:40:27 36352 ----a-w- c:\windows\system32\drivers\OLD2FC.tmp

2010-12-08 21:40:20 36352 ----a-w- c:\windows\system32\drivers\OLD2F9.tmp

2010-12-08 21:40:14 36352 ----a-w- c:\windows\system32\drivers\OLD2F6.tmp

2010-12-08 21:40:09 36352 ----a-w- c:\windows\system32\drivers\OLD2F3.tmp

2010-12-08 21:40:03 36352 ----a-w- c:\windows\system32\drivers\OLD2F0.tmp

2010-12-08 21:39:57 36352 ----a-w- c:\windows\system32\drivers\OLD2ED.tmp

2010-12-08 21:39:51 36352 ----a-w- c:\windows\system32\drivers\OLD2EA.tmp

2010-12-08 21:39:45 36352 ----a-w- c:\windows\system32\drivers\OLD2E7.tmp

2010-12-08 21:39:39 36352 ----a-w- c:\windows\system32\drivers\OLD2E4.tmp

2010-12-08 21:39:33 36352 ----a-w- c:\windows\system32\drivers\OLD2E1.tmp

2010-12-08 21:39:27 36352 ----a-w- c:\windows\system32\drivers\OLD2DE.tmp

2010-12-08 21:39:21 36352 ----a-w- c:\windows\system32\drivers\OLD2DB.tmp

2010-12-08 21:39:15 36352 ----a-w- c:\windows\system32\drivers\OLD2D8.tmp

2010-12-08 21:39:09 36352 ----a-w- c:\windows\system32\drivers\OLD2D5.tmp

2010-12-08 21:39:03 36352 ----a-w- c:\windows\system32\drivers\OLD2D2.tmp

2010-12-08 21:38:57 36352 ----a-w- c:\windows\system32\drivers\OLD2CF.tmp

2010-12-08 21:38:51 36352 ----a-w- c:\windows\system32\drivers\OLD2CC.tmp

2010-12-08 21:38:45 36352 ----a-w- c:\windows\system32\drivers\OLD2C9.tmp

2010-12-08 21:38:39 36352 ----a-w- c:\windows\system32\drivers\OLD2C6.tmp

2010-12-08 21:38:33 36352 ----a-w- c:\windows\system32\drivers\OLD2C3.tmp

2010-12-08 21:38:27 36352 ----a-w- c:\windows\system32\drivers\OLD2C0.tmp

2010-12-08 21:38:21 36352 ----a-w- c:\windows\system32\drivers\OLD2BD.tmp

2010-12-08 21:38:15 36352 ----a-w- c:\windows\system32\drivers\OLD2BA.tmp

2010-12-08 21:38:09 36352 ----a-w- c:\windows\system32\drivers\OLD2B7.tmp

2010-12-08 21:38:02 36352 ----a-w- c:\windows\system32\drivers\OLD2B4.tmp

2010-12-08 21:37:56 36352 ----a-w- c:\windows\system32\drivers\OLD2B1.tmp

2010-12-08 21:37:51 36352 ----a-w- c:\windows\system32\drivers\OLD2AE.tmp

2010-12-08 21:37:45 36352 ----a-w- c:\windows\system32\drivers\OLD2AB.tmp

2010-12-08 21:37:39 36352 ----a-w- c:\windows\system32\drivers\OLD2A8.tmp

2010-12-08 21:37:33 36352 ----a-w- c:\windows\system32\drivers\OLD2A5.tmp

2010-12-08 21:37:27 36352 ----a-w- c:\windows\system32\drivers\OLD2A2.tmp

2010-12-08 21:37:21 36352 ----a-w- c:\windows\system32\drivers\OLD29F.tmp

2010-12-08 21:37:15 36352 ----a-w- c:\windows\system32\drivers\OLD29C.tmp

2010-12-08 21:37:09 36352 ----a-w- c:\windows\system32\drivers\OLD299.tmp

2010-12-08 21:37:02 36352 ----a-w- c:\windows\system32\drivers\OLD296.tmp

2010-12-08 21:36:57 36352 ----a-w- c:\windows\system32\drivers\OLD293.tmp

2010-12-08 21:36:50 36352 ----a-w- c:\windows\system32\drivers\OLD290.tmp

2010-12-08 21:36:44 36352 ----a-w- c:\windows\system32\drivers\OLD28D.tmp

2010-12-08 21:36:38 36352 ----a-w- c:\windows\system32\drivers\OLD28A.tmp

2010-12-08 21:36:32 36352 ----a-w- c:\windows\system32\drivers\OLD287.tmp

2010-12-08 21:36:26 36352 ----a-w- c:\windows\system32\drivers\OLD284.tmp

2010-12-08 21:36:20 36352 ----a-w- c:\windows\system32\drivers\OLD281.tmp

2010-12-08 21:36:15 36352 ----a-w- c:\windows\system32\drivers\OLD27E.tmp

2010-12-08 21:36:09 36352 ----a-w- c:\windows\system32\drivers\OLD27B.tmp

2010-12-08 21:36:03 36352 ----a-w- c:\windows\system32\drivers\OLD278.tmp

2010-12-08 21:35:57 36352 ----a-w- c:\windows\system32\drivers\OLD275.tmp

2010-12-08 21:35:51 36352 ----a-w- c:\windows\system32\drivers\OLD272.tmp

2010-12-08 21:35:45 36352 ----a-w- c:\windows\system32\drivers\OLD26F.tmp

2010-12-08 21:35:40 36352 ----a-w- c:\windows\system32\drivers\OLD26C.tmp

2010-12-08 21:35:33 36352 ----a-w- c:\windows\system32\drivers\OLD269.tmp

2010-12-08 21:35:27 36352 ----a-w- c:\windows\system32\drivers\OLD266.tmp

2010-12-08 21:35:22 36352 ----a-w- c:\windows\system32\drivers\OLD263.tmp

2010-12-08 21:35:16 36352 ----a-w- c:\windows\system32\drivers\OLD260.tmp

2010-12-08 21:35:10 36352 ----a-w- c:\windows\system32\drivers\OLD25D.tmp

2010-12-08 21:35:05 36352 ----a-w- c:\windows\system32\drivers\OLD25A.tmp

2010-12-08 21:34:59 36352 ----a-w- c:\windows\system32\drivers\OLD257.tmp

2010-12-08 21:34:53 36352 ----a-w- c:\windows\system32\drivers\OLD254.tmp

2010-12-08 21:34:47 36352 ----a-w- c:\windows\system32\drivers\OLD251.tmp

2010-12-08 21:34:41 36352 ----a-w- c:\windows\system32\drivers\OLD24E.tmp

2010-12-08 21:34:35 36352 ----a-w- c:\windows\system32\drivers\OLD24B.tmp

2010-12-08 21:34:29 36352 ----a-w- c:\windows\system32\drivers\OLD248.tmp

2010-12-08 21:34:23 36352 ----a-w- c:\windows\system32\drivers\OLD245.tmp

2010-12-08 21:34:17 36352 ----a-w- c:\windows\system32\drivers\OLD242.tmp

2010-12-08 21:34:12 36352 ----a-w- c:\windows\system32\drivers\OLD23F.tmp

2010-12-08 21:34:06 36352 ----a-w- c:\windows\system32\drivers\OLD23C.tmp

2010-12-08 21:34:01 36352 ----a-w- c:\windows\system32\drivers\OLD239.tmp

2010-12-08 21:33:55 36352 ----a-w- c:\windows\system32\drivers\OLD236.tmp

2010-12-08 21:33:49 36352 ----a-w- c:\windows\system32\drivers\OLD233.tmp

2010-12-08 21:33:43 36352 ----a-w- c:\windows\system32\drivers\OLD230.tmp

2010-12-08 21:33:38 36352 ----a-w- c:\windows\system32\drivers\OLD22D.tmp

2010-12-08 21:33:32 36352 ----a-w- c:\windows\system32\drivers\OLD22A.tmp

2010-12-08 21:33:26 36352 ----a-w- c:\windows\system32\drivers\OLD227.tmp

2010-12-08 21:33:20 36352 ----a-w- c:\windows\system32\drivers\OLD224.tmp

2010-12-08 21:33:15 36352 ----a-w- c:\windows\system32\drivers\OLD221.tmp

2010-12-08 21:33:09 36352 ----a-w- c:\windows\system32\drivers\OLD21E.tmp

2010-12-08 21:33:03 36352 ----a-w- c:\windows\system32\drivers\OLD21B.tmp

2010-12-08 21:32:58 36352 ----a-w- c:\windows\system32\drivers\OLD218.tmp

2010-12-08 21:32:52 36352 ----a-w- c:\windows\system32\drivers\OLD215.tmp

2010-12-08 21:32:46 36352 ----a-w- c:\windows\system32\drivers\OLD212.tmp

2010-12-08 21:32:41 36352 ----a-w- c:\windows\system32\drivers\OLD20F.tmp

2010-12-08 21:32:35 36352 ----a-w- c:\windows\system32\drivers\OLD20C.tmp

2010-12-08 21:32:29 36352 ----a-w- c:\windows\system32\drivers\OLD209.tmp

2010-12-08 21:32:23 36352 ----a-w- c:\windows\system32\drivers\OLD206.tmp

2010-12-08 21:32:18 36352 ----a-w- c:\windows\system32\drivers\OLD203.tmp

2010-12-08 21:32:12 36352 ----a-w- c:\windows\system32\drivers\OLD200.tmp

2010-12-08 21:32:06 36352 ----a-w- c:\windows\system32\drivers\OLD1FD.tmp

2010-12-08 21:32:00 36352 ----a-w- c:\windows\system32\drivers\OLD1FA.tmp

2010-12-08 21:31:54 36352 ----a-w- c:\windows\system32\drivers\OLD1F7.tmp

2010-12-08 21:31:48 36352 ----a-w- c:\windows\system32\drivers\OLD1F4.tmp

2010-12-08 21:31:42 36352 ----a-w- c:\windows\system32\drivers\OLD1F1.tmp

2010-12-08 21:31:37 36352 ----a-w- c:\windows\system32\drivers\OLD1EE.tmp

2010-12-08 21:31:31 36352 ----a-w- c:\windows\system32\drivers\OLD1EB.tmp

2010-12-08 21:31:25 36352 ----a-w- c:\windows\system32\drivers\OLD1E8.tmp

2010-12-08 21:31:19 36352 ----a-w- c:\windows\system32\drivers\OLD1E5.tmp

2010-12-08 21:31:13 36352 ----a-w- c:\windows\system32\drivers\OLD1E2.tmp

2010-12-08 21:31:08 36352 ----a-w- c:\windows\system32\drivers\OLD1DF.tmp

2010-12-08 21:31:02 36352 ----a-w- c:\windows\system32\drivers\OLD1DC.tmp

2010-12-08 21:30:56 36352 ----a-w- c:\windows\system32\drivers\OLD1D9.tmp

2010-12-08 21:30:50 36352 ----a-w- c:\windows\system32\drivers\OLD1D6.tmp

2010-12-08 21:30:44 36352 ----a-w- c:\windows\system32\drivers\OLD1D3.tmp

2010-12-08 21:30:38 36352 ----a-w- c:\windows\system32\drivers\OLD1D0.tmp

2010-12-08 21:30:32 36352 ----a-w- c:\windows\system32\drivers\OLD1CD.tmp

2010-12-08 21:30:27 36352 ----a-w- c:\windows\system32\drivers\OLD1CA.tmp

2010-12-08 21:30:21 36352 ----a-w- c:\windows\system32\drivers\OLD1C7.tmp

2010-12-08 21:30:14 36352 ----a-w- c:\windows\system32\drivers\OLD1C4.tmp

2010-12-08 21:30:09 36352 ----a-w- c:\windows\system32\drivers\OLD1C1.tmp

2010-12-08 21:30:02 36352 ----a-w- c:\windows\system32\drivers\OLD1BE.tmp

2010-12-08 21:29:57 36352 ----a-w- c:\windows\system32\drivers\OLD1BB.tmp

2010-12-08 21:29:51 36352 ----a-w- c:\windows\system32\drivers\OLD1B8.tmp

2010-12-08 21:29:45 36352 ----a-w- c:\windows\system32\drivers\OLD1B5.tmp

2010-12-08 21:29:39 36352 ----a-w- c:\windows\system32\drivers\OLD1B2.tmp

2010-12-08 21:29:33 36352 ----a-w- c:\windows\system32\drivers\OLD1AF.tmp

2010-12-08 21:29:27 36352 ----a-w- c:\windows\system32\drivers\OLD1AC.tmp

2010-12-08 21:29:21 36352 ----a-w- c:\windows\system32\drivers\OLD1A9.tmp

2010-12-08 21:29:15 36352 ----a-w- c:\windows\system32\drivers\OLD1A6.tmp

2010-12-08 21:29:09 36352 ----a-w- c:\windows\system32\drivers\OLD1A3.tmp

2010-12-08 21:29:03 36352 ----a-w- c:\windows\system32\drivers\OLD1A0.tmp

2010-12-08 21:28:57 36352 ----a-w- c:\windows\system32\drivers\OLD19D.tmp

2010-12-08 21:28:52 36352 ----a-w- c:\windows\system32\drivers\OLD19A.tmp

2010-12-08 21:28:46 36352 ----a-w- c:\windows\system32\drivers\OLD197.tmp

2010-12-08 21:28:41 36352 ----a-w- c:\windows\system32\drivers\OLD194.tmp

2010-12-08 21:28:35 36352 ----a-w- c:\windows\system32\drivers\OLD191.tmp

2010-12-08 21:28:29 36352 ----a-w- c:\windows\system32\drivers\OLD18E.tmp

2010-12-08 21:28:24 36352 ----a-w- c:\windows\system32\drivers\OLD18B.tmp

2010-12-08 21:28:18 36352 ----a-w- c:\windows\system32\drivers\OLD188.tmp

2010-12-08 21:28:12 36352 ----a-w- c:\windows\system32\drivers\OLD185.tmp

2010-12-08 21:28:07 36352 ----a-w- c:\windows\system32\drivers\OLD182.tmp

2010-12-08 21:28:01 36352 ----a-w- c:\windows\system32\drivers\OLD17F.tmp

2010-12-08 21:27:55 36352 ----a-w- c:\windows\system32\drivers\OLD17C.tmp

2010-12-08 21:27:50 36352 ----a-w- c:\windows\system32\drivers\OLD179.tmp

2010-12-08 21:27:44 36352 ----a-w- c:\windows\system32\drivers\OLD176.tmp

2010-12-08 21:27:39 36352 ----a-w- c:\windows\system32\drivers\OLD173.tmp

2010-12-08 21:27:33 36352 ----a-w- c:\windows\system32\drivers\OLD170.tmp

2010-12-08 21:27:27 36352 ----a-w- c:\windows\system32\drivers\OLD16D.tmp

2010-12-08 21:27:22 36352 ----a-w- c:\windows\system32\drivers\OLD16A.tmp

2010-12-08 21:27:15 36352 ----a-w- c:\windows\system32\drivers\OLD167.tmp

2010-12-08 21:27:09 36352 ----a-w- c:\windows\system32\drivers\OLD164.tmp

2010-12-08 21:27:04 36352 ----a-w- c:\windows\system32\drivers\OLD161.tmp

2010-12-08 21:26:58 36352 ----a-w- c:\windows\system32\drivers\OLD15E.tmp

2010-12-08 21:26:52 36352 ----a-w- c:\windows\system32\drivers\OLD15B.tmp

2010-12-08 21:26:47 36352 ----a-w- c:\windows\system32\drivers\OLD158.tmp

2010-12-08 21:26:41 36352 ----a-w- c:\windows\system32\drivers\OLD155.tmp

2010-12-08 21:26:35 36352 ----a-w- c:\windows\system32\drivers\OLD152.tmp

2010-12-08 21:26:29 36352 ----a-w- c:\windows\system32\drivers\OLD14F.tmp

2010-12-08 21:26:24 36352 ----a-w- c:\windows\system32\drivers\OLD14C.tmp

2010-12-08 21:26:18 36352 ----a-w- c:\windows\system32\drivers\OLD149.tmp

2010-12-08 21:26:12 36352 ----a-w- c:\windows\system32\drivers\OLD146.tmp

2010-12-08 21:26:05 36352 ----a-w- c:\windows\system32\drivers\OLD143.tmp

2010-12-08 21:25:59 36352 ----a-w- c:\windows\system32\drivers\OLD140.tmp

2010-12-08 21:25:52 36352 ----a-w- c:\windows\system32\drivers\OLD13D.tmp

2010-12-08 21:25:47 36352 ----a-w- c:\windows\system32\drivers\OLD13A.tmp

2010-12-08 21:25:40 36352 ----a-w- c:\windows\system32\drivers\OLD136.tmp

2010-12-08 21:25:34 36352 ----a-w- c:\windows\system32\drivers\OLD133.tmp

2010-12-08 21:25:27 36352 ----a-w- c:\windows\system32\drivers\OLD130.tmp

2010-12-08 21:25:21 36352 ----a-w- c:\windows\system32\drivers\OLD12C.tmp

2010-12-08 21:25:14 36352 ----a-w- c:\windows\system32\drivers\OLD129.tmp

2010-12-08 21:25:08 36352 ----a-w- c:\windows\system32\drivers\OLD126.tmp

2010-12-08 21:25:01 36352 ----a-w- c:\windows\system32\drivers\OLD123.tmp

2010-12-08 21:24:55 36352 ----a-w- c:\windows\system32\drivers\OLD120.tmp

2010-12-08 21:24:48 36352 ----a-w- c:\windows\system32\drivers\OLD11D.tmp

2010-12-08 21:24:40 36352 ----a-w- c:\windows\system32\drivers\OLD11A.tmp

2010-12-08 21:24:34 36352 ----a-w- c:\windows\system32\drivers\OLD117.tmp

2010-12-08 21:24:28 36352 ----a-w- c:\windows\system32\drivers\OLD114.tmp

2010-12-08 21:24:21 36352 ----a-w- c:\windows\system32\drivers\OLD111.tmp

2010-12-08 21:24:15 36352 ----a-w- c:\windows\system32\drivers\OLD10E.tmp

2010-12-08 21:24:09 36352 ----a-w- c:\windows\system32\drivers\OLD10B.tmp

2010-12-08 21:24:03 36352 ----a-w- c:\windows\system32\drivers\OLD108.tmp

2010-12-08 21:23:56 36352 ----a-w- c:\windows\system32\drivers\OLD105.tmp

2010-12-08 21:23:50 36352 ----a-w- c:\windows\system32\drivers\OLD102.tmp

2010-12-08 21:23:44 36352 ----a-w- c:\windows\system32\drivers\OLDFF.tmp

2010-12-08 21:23:38 36352 ----a-w- c:\windows\system32\drivers\OLDFC.tmp

2010-12-08 21:23:31 36352 ----a-w- c:\windows\system32\drivers\OLDF9.tmp

2010-12-08 21:23:25 36352 ----a-w- c:\windows\system32\drivers\OLDF6.tmp

2010-12-08 21:23:18 36352 ----a-w- c:\windows\system32\drivers\OLDF3.tmp

2010-12-08 21:23:11 36352 ----a-w- c:\windows\system32\drivers\OLDF0.tmp

2010-12-08 21:23:05 36352 ----a-w- c:\windows\system32\drivers\OLDED.tmp

2010-12-08 21:22:58 36352 ----a-w- c:\windows\system32\drivers\OLDEA.tmp

2010-12-08 21:22:52 36352 ----a-w- c:\windows\system32\drivers\OLDE7.tmp

2010-12-08 21:22:46 36352 ----a-w- c:\windows\system32\drivers\OLDE4.tmp

2010-12-08 21:22:39 36352 ----a-w- c:\windows\system32\drivers\OLDE1.tmp

2010-12-08 21:22:33 36352 ----a-w- c:\windows\system32\drivers\OLDDE.tmp

2010-12-08 21:22:26 36352 ----a-w- c:\windows\system32\drivers\OLDDB.tmp

2010-12-08 21:22:20 36352 ----a-w- c:\windows\system32\drivers\OLDD8.tmp

2010-12-08 21:22:13 36352 ----a-w- c:\windows\system32\drivers\OLDD5.tmp

2010-12-08 21:22:07 36352 ----a-w- c:\windows\system32\drivers\OLDD2.tmp

2010-12-08 21:22:01 36352 ----a-w- c:\windows\system32\drivers\OLDCF.tmp

2010-12-08 21:21:55 36352 ----a-w- c:\windows\system32\drivers\OLDCC.tmp

2010-12-08 21:21:46 36352 ----a-w- c:\windows\system32\drivers\OLDC9.tmp

2010-12-08 21:21:40 36352 ----a-w- c:\windows\system32\drivers\OLDC6.tmp

2010-12-08 21:21:34 36352 ----a-w- c:\windows\system32\drivers\OLDC3.tmp

2010-12-08 21:21:28 36352 ----a-w- c:\windows\system32\drivers\OLDC0.tmp

2010-12-08 21:21:22 36352 ----a-w- c:\windows\system32\drivers\OLDBD.tmp

2010-12-08 21:21:17 36352 ----a-w- c:\windows\system32\drivers\OLDBA.tmp

2010-12-08 21:21:11 36352 ----a-w- c:\windows\system32\drivers\OLDB7.tmp

2010-12-08 21:21:05 36352 ----a-w- c:\windows\system32\drivers\OLDB4.tmp

2010-12-08 21:20:59 36352 ----a-w- c:\windows\system32\drivers\OLDB1.tmp

2010-12-08 21:20:53 36352 ----a-w- c:\windows\system32\drivers\OLDAE.tmp

2010-12-08 21:20:47 36352 ----a-w- c:\windows\system32\drivers\OLDAB.tmp

2010-12-08 21:20:42 36352 ----a-w- c:\windows\system32\drivers\OLDA8.tmp

2010-12-08 21:20:36 36352 ----a-w- c:\windows\system32\drivers\OLDA5.tmp

2010-12-08 21:20:30 36352 ----a-w- c:\windows\system32\drivers\OLDA2.tmp

2010-12-08 21:20:24 36352 ----a-w- c:\windows\system32\drivers\OLD9F.tmp

2010-12-08 21:20:18 36352 ----a-w- c:\windows\system32\drivers\OLD9C.tmp

2010-12-08 21:20:13 36352 ----a-w- c:\windows\system32\drivers\OLD99.tmp

2010-12-08 21:20:07 36352 ----a-w- c:\windows\system32\drivers\OLD96.tmp

2010-12-08 21:20:01 36352 ----a-w- c:\windows\system32\drivers\OLD93.tmp

2010-12-08 21:19:55 36352 ----a-w- c:\windows\system32\drivers\OLD90.tmp

2010-12-08 21:19:49 36352 ----a-w- c:\windows\system32\drivers\OLD8D.tmp

2010-12-08 21:19:43 36352 ----a-w- c:\windows\system32\drivers\OLD8A.tmp

2010-12-08 21:19:38 36352 ----a-w- c:\windows\system32\drivers\OLD87.tmp

2010-12-08 21:19:32 36352 ----a-w- c:\windows\system32\drivers\OLD84.tmp

2010-12-08 21:19:27 36352 ----a-w- c:\windows\system32\drivers\OLD81.tmp

2010-12-08 21:19:21 36352 ----a-w- c:\windows\system32\drivers\OLD7E.tmp

2010-12-08 21:19:15 36352 ----a-w- c:\windows\system32\drivers\OLD7B.tmp

2010-12-08 21:19:09 36352 ----a-w- c:\windows\system32\drivers\OLD78.tmp

2010-12-08 21:19:03 36352 ----a-w- c:\windows\system32\drivers\OLD75.tmp

2010-12-08 21:18:57 36352 ----a-w- c:\windows\system32\drivers\OLD72.tmp

2010-12-08 21:18:51 36352 ----a-w- c:\windows\system32\drivers\OLD6F.tmp

2010-12-08 21:18:45 36352 ----a-w- c:\windows\system32\drivers\OLD6C.tmp

2010-12-08 21:18:40 36352 ----a-w- c:\windows\system32\drivers\OLD69.tmp

2010-12-08 21:18:34 36352 ----a-w- c:\windows\system32\drivers\OLD66.tmp

2010-12-08 21:18:28 36352 ----a-w- c:\windows\system32\drivers\OLD63.tmp

2010-12-08 21:18:23 36352 ----a-w- c:\windows\system32\drivers\OLD60.tmp

2010-12-08 21:18:17 36352 ----a-w- c:\windows\system32\drivers\OLD5D.tmp

2010-12-08 21:18:11 36352 ----a-w- c:\windows\system32\drivers\OLD5A.tmp

2010-12-08 21:18:06 36352 ----a-w- c:\windows\system32\drivers\OLD57.tmp

2010-12-08 21:18:00 36352 ----a-w- c:\windows\system32\drivers\OLD54.tmp

2010-12-08 21:17:54 36352 ----a-w- c:\windows\system32\drivers\OLD51.tmp

2010-12-08 21:17:49 36352 ----a-w- c:\windows\system32\drivers\OLD4E.tmp

2010-12-08 21:17:43 36352 ----a-w- c:\windows\system32\drivers\OLD4B.tmp

2010-12-08 21:17:37 36352 ----a-w- c:\windows\system32\drivers\OLD48.tmp

2010-12-08 21:17:31 36352 ----a-w- c:\windows\system32\drivers\OLD45.tmp

2010-12-08 21:17:25 36352 ----a-w- c:\windows\system32\drivers\OLD42.tmp

2010-12-08 21:17:19 36352 ----a-w- c:\windows\system32\drivers\OLD3F.tmp

2010-12-08 21:17:13 36352 ----a-w- c:\windows\system32\drivers\OLD3C.tmp

2010-12-08 21:17:08 36352 ----a-w- c:\windows\system32\drivers\OLD39.tmp

2010-12-08 21:17:02 36352 ----a-w- c:\windows\system32\drivers\OLD36.tmp

2010-12-08 21:16:56 36352 ----a-w- c:\windows\system32\drivers\OLD33.tmp

2010-12-08 21:16:50 36352 ----a-w- c:\windows\system32\drivers\OLD30.tmp

2010-12-08 21:16:45 36352 ----a-w- c:\windows\system32\drivers\OLD2D.tmp

2010-12-08 21:16:39 36352 ----a-w- c:\windows\system32\drivers\OLD2A.tmp

2010-12-08 21:16:33 36352 ----a-w- c:\windows\system32\drivers\OLD27.tmp

2010-12-08 21:16:27 36352 ----a-w- c:\windows\system32\drivers\OLD24.tmp

2010-12-08 21:16:21 36352 ----a-w- c:\windows\system32\drivers\OLD21.tmp

2010-12-08 21:16:15 36352 ----a-w- c:\windows\system32\drivers\OLD1E.tmp

2010-12-08 21:16:09 36352 ----a-w- c:\windows\system32\drivers\OLD1B.tmp

2010-12-08 21:16:03 36352 ----a-w- c:\windows\system32\drivers\OLD18.tmp

2010-12-08 21:15:56 36352 ----a-w- c:\windows\system32\drivers\OLD15.tmp

2010-12-08 21:15:56 36352 ----a-w- c:\windows\system32\drivers\OLD11.tmp

2010-12-08 19:48:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 19:48:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-08 19:48:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST912082 rev.3.04 -> Harddisk0\DR0 -> \Device\Scsi\UlSata1

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E6DAC8]<<

c:\windows\system32\drivers\disk.sys

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88b827f8; SUB DWORD [EBP-0x4], 0x88b82100; PUSH EDI; CALL 0xffffffffffffe127; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7D49C0]

3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A80CA38]

[0x8A85D1B8] -> IRP_MJ_CREATE -> 0x89E6DAC8

error: Read The system cannot find the file specified.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\UlSata1Port1Path0Target4Lun0 -> \??\SCSI#Disk&Ven_ST912082&Prod_1A&Rev_3.04#5&1c766acb&0&040#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 21:29:57.98 ===============

Attach.zip

Link to post
Share on other sites

Hello sadlaptop! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only

Link to post
Share on other sites

Hi Maniac,

Thank you for your assistance. A couple of things to note: I did have to install winzip prior to posting the files in my initial post. Also, during the TDSKiller run, I received a couple of Norton pop-ups that flashed quickly "backdoor.tidserv.I!inf blocked"

I have pasted the contents of bot logs below:

TDSKiller log:

2010/12/13 14:50:02.0265 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/13 14:50:02.0265 ================================================================================

2010/12/13 14:50:02.0265 SystemInfo:

2010/12/13 14:50:02.0265

2010/12/13 14:50:02.0265 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/13 14:50:02.0265 Product type: Workstation

2010/12/13 14:50:02.0265 ComputerName: AUTHORIZ-337800

2010/12/13 14:50:02.0265 UserName: Authorized User

2010/12/13 14:50:02.0265 Windows directory: C:\WINDOWS

2010/12/13 14:50:02.0265 System windows directory: C:\WINDOWS

2010/12/13 14:50:02.0265 Processor architecture: Intel x86

2010/12/13 14:50:02.0265 Number of processors: 2

2010/12/13 14:50:02.0265 Page size: 0x1000

2010/12/13 14:50:02.0265 Boot type: Normal boot

2010/12/13 14:50:02.0265 ================================================================================

2010/12/13 14:50:03.0546 !crdlk

2010/12/13 14:50:03.0703 Initialize success

2010/12/13 14:50:13.0421 ================================================================================

2010/12/13 14:50:13.0421 Scan started

2010/12/13 14:50:13.0421 Mode: Manual;

2010/12/13 14:50:13.0421 ================================================================================

2010/12/13 14:50:14.0390 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/13 14:50:14.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/13 14:50:14.0750 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/13 14:50:14.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/13 14:50:15.0015 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/13 14:50:15.0140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/13 14:50:15.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/13 14:50:15.0343 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/13 14:50:15.0515 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/13 14:50:15.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/13 14:50:15.0703 BCM43XX (ba58cf7f9e8243f19c3eed2f2dcec770) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/13 14:50:15.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/13 14:50:16.0171 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys

2010/12/13 14:50:16.0375 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/12/13 14:50:16.0453 BrPar (4a26f3d9d8a3383b236ad5989ab8e8e5) C:\WINDOWS\system32\Drivers\BrPar.sys

2010/12/13 14:50:16.0515 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/12/13 14:50:16.0593 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

2010/12/13 14:50:16.0734 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys

2010/12/13 14:50:16.0843 Cam5603C (5247534b82fa855f22f98b28e3e48de9) C:\WINDOWS\system32\Drivers\Bs350u2.sys

2010/12/13 14:50:16.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/13 14:50:17.0078 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/13 14:50:17.0250 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys

2010/12/13 14:50:17.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/13 14:50:17.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/13 14:50:17.0484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/13 14:50:17.0546 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/13 14:50:17.0578 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/13 14:50:17.0781 Disk (b0217934035a7c5ce9ae14ac1252a12d) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/13 14:50:17.0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: b0217934035a7c5ce9ae14ac1252a12d, Fake md5: 044452051f3e02e7963599fc8f4f3e25

2010/12/13 14:50:17.0843 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/12/13 14:50:17.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/13 14:50:18.0046 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/13 14:50:18.0062 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/13 14:50:18.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/13 14:50:18.0265 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/12/13 14:50:18.0437 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/13 14:50:18.0796 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/13 14:50:18.0937 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/13 14:50:19.0125 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/13 14:50:19.0171 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/13 14:50:19.0203 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/13 14:50:19.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/13 14:50:19.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/13 14:50:19.0421 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/13 14:50:19.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/13 14:50:19.0531 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/12/13 14:50:19.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/13 14:50:19.0734 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys

2010/12/13 14:50:19.0796 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys

2010/12/13 14:50:19.0890 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys

2010/12/13 14:50:20.0000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/13 14:50:20.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/13 14:50:20.0140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/13 14:50:20.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/13 14:50:20.0593 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101210.001\IDSxpx86.sys

2010/12/13 14:50:20.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/13 14:50:20.0937 IntcAzAudAddService (b2b7af5dc5e1b6b171dfda681d105c7c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/13 14:50:21.0078 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/13 14:50:21.0140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/13 14:50:21.0234 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/13 14:50:21.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/13 14:50:21.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/13 14:50:21.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/13 14:50:21.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/13 14:50:21.0406 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/12/13 14:50:21.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/13 14:50:21.0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/13 14:50:21.0515 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/13 14:50:21.0609 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/13 14:50:21.0671 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/13 14:50:21.0781 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/12/13 14:50:21.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/13 14:50:21.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/13 14:50:21.0984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/12/13 14:50:22.0031 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/13 14:50:22.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/13 14:50:22.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/13 14:50:22.0187 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/13 14:50:22.0250 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/13 14:50:22.0312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/13 14:50:22.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/13 14:50:22.0375 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/13 14:50:22.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/13 14:50:22.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/13 14:50:22.0546 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/13 14:50:22.0750 Mtlmnt5 (c81a67d4b4c1748aaa496605822f5261) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys

2010/12/13 14:50:22.0890 Mtlstrm (6fe3986e727919f7ded38ae00bea954f) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys

2010/12/13 14:50:23.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/13 14:50:23.0046 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/13 14:50:23.0437 NAVENG (01543b4f5b6fdac6761910ce44aff3f8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101212.002\NAVENG.SYS

2010/12/13 14:50:23.0656 NAVEX15 (38814ee261cfc76ded4b5647fc082826) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101212.002\NAVEX15.SYS

2010/12/13 14:50:23.0843 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/13 14:50:23.0890 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/13 14:50:23.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/13 14:50:23.0968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/13 14:50:24.0000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/13 14:50:24.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/13 14:50:24.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/13 14:50:24.0093 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/13 14:50:24.0140 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/13 14:50:24.0171 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/13 14:50:24.0203 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/12/13 14:50:24.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/13 14:50:24.0343 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/13 14:50:24.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/13 14:50:24.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/13 14:50:24.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/13 14:50:24.0562 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/13 14:50:24.0656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/13 14:50:24.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/13 14:50:24.0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/13 14:50:25.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/13 14:50:25.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/13 14:50:25.0343 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

2010/12/13 14:50:25.0437 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/13 14:50:25.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/13 14:50:25.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/13 14:50:25.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/13 14:50:25.0781 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/12/13 14:50:25.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/13 14:50:25.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/13 14:50:25.0875 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/13 14:50:25.0937 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/13 14:50:25.0953 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/13 14:50:26.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/13 14:50:26.0109 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/13 14:50:26.0187 RecAgent (f846aa089b10316d982f24322e15346b) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys

2010/12/13 14:50:26.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/13 14:50:26.0359 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/12/13 14:50:26.0453 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/13 14:50:26.0546 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2010/12/13 14:50:26.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/13 14:50:26.0703 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/13 14:50:26.0781 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/12/13 14:50:26.0859 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys

2010/12/13 14:50:26.0921 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/13 14:50:26.0953 SlNtHal (a2b07b03c7964a945a796632817d6b7f) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys

2010/12/13 14:50:27.0000 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys

2010/12/13 14:50:27.0046 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

2010/12/13 14:50:27.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/13 14:50:27.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/13 14:50:27.0375 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2010/12/13 14:50:27.0453 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2010/12/13 14:50:27.0562 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/13 14:50:27.0625 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/13 14:50:27.0671 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/13 14:50:27.0703 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/13 14:50:27.0875 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2010/12/13 14:50:27.0968 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2010/12/13 14:50:28.0062 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/13 14:50:28.0156 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2010/12/13 14:50:28.0265 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2010/12/13 14:50:28.0421 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2010/12/13 14:50:28.0578 SynTP (062e75f20d9bdca40344d85262f74748) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/12/13 14:50:28.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/13 14:50:28.0718 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/13 14:50:28.0781 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/13 14:50:28.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/13 14:50:28.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/13 14:50:29.0000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/13 14:50:29.0062 UlSata (fd565ddf31f857828606b69b050d9d09) C:\WINDOWS\system32\drivers\UlSata.sys

2010/12/13 14:50:29.0171 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/13 14:50:29.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/13 14:50:29.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/13 14:50:29.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/13 14:50:29.0468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/13 14:50:29.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/13 14:50:29.0609 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/13 14:50:29.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/13 14:50:29.0687 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/13 14:50:29.0734 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/13 14:50:29.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/13 14:50:29.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/13 14:50:29.0921 WinDriver (c365e01f5c6d288bb847a20a6c9f6252) C:\WINDOWS\System32\drivers\windrvr.sys

2010/12/13 14:50:30.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/12/13 14:50:30.0093 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/13 14:50:30.0156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/13 14:50:30.0859 ================================================================================

2010/12/13 14:50:30.0859 Scan finished

2010/12/13 14:50:30.0859 ================================================================================

2010/12/13 14:50:30.0875 Detected object count: 1

2010/12/13 14:52:33.0531 C:\WINDOWS\system32\DRIVERS\disk.sys - processing error

2010/12/13 14:52:33.0531 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure

DDS Log:

DDS (Ver_10-12-05.01) - NTFSx86

Run by Authorized User at 14:54:49.04 on Mon 12/13/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1146 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Documents and Settings\Authorized User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipalbum 6 pro\FpLaunch.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CHotkey] mHotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: stumbleupon.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1250314071953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-7 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-7 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-7 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-7 116784]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-7 126392]

R2 WinDriver;WinDriver;c:\windows\system32\drivers\windrvr.sys [2006-9-17 90688]

R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-30 2944]

R3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-30 60416]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-30 11008]

R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-30 10368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101210.001\IDSXpx86.sys [2010-12-13 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101212.002\NAVENG.SYS [2010-12-13 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101212.002\NAVEX15.SYS [2010-12-13 1360248]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-4-29 230448]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

=============== Created Last 30 ================

2010-12-08 19:48:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 19:48:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-08 19:48:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST912082 rev.3.04 -> Harddisk0\DR0 -> \Device\Scsi\UlSata1

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E7BAC8]<<

c:\windows\system32\drivers\disk.sys

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88b827f8; SUB DWORD [EBP-0x4], 0x88b82100; PUSH EDI; CALL 0xffffffffffffe127; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A83C9C0]

3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7FEA38]

[0x8A7F6030] -> IRP_MJ_CREATE -> 0x89E7BAC8

error: Read The system cannot find the file specified.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\UlSata1Port1Path0Target4Lun0 -> \??\SCSI#Disk&Ven_ST912082&Prod_1A&Rev_3.04#5&1c766acb&0&040#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 14:57:12.39 ===============

Link to post
Share on other sites

Thanks!

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

All done! One thing to note is that combi-fix downloaded and installed "Microsoft Windows Recovery Console" as part of the process. Everything else ran fine.

Here are the contents of the combo-fix.txt file:

ComboFix 10-12-14.07 - Authorized User 12/15/2010 9:50.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1261 [GMT -5:00]

Running from: c:\documents and settings\Authorized User\Desktop\Combo-Fix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\wdreg.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_WINDRIVER

-------\Service_WinDriver

((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))

.

2010-12-14 02:07 . 2010-12-14 02:07 1409 ----a-w- c:\windows\QTFont.for

2010-12-13 16:19 . 2010-12-13 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-12-12 15:27 . 2010-12-12 15:27 -------- d-----w- c:\documents and settings\Authorized User\Application Data\Ahead

2010-12-08 19:48 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 19:48 . 2010-12-08 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-08 19:48 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 01:43 . 2010-07-21 00:21 36352 ----a-w- c:\windows\system32\drivers\disk.sys

2004-08-10 04:30 . 2006-07-22 23:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-20 339968]

"CHotkey"="mHotkey.exe" [2001-12-26 472576]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-04-29 102490]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-04-29 708698]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-04-02 26624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-12 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-14 53248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk

backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-29 07:58 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

2005-04-29 07:58 2748928 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2004-08-12 22:45 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

2008-05-09 18:37 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-08-12 09:56 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-04-29 07:58 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-11-21 18:27 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/7/2010 4:53 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/7/2010 4:53 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/7/2010 4:53 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/7/2010 4:53 PM 116784]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [11/7/2010 4:53 PM 126392]

R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/30/2009 1:31 PM 2944]

R3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/30/2009 1:31 PM 60416]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [9/30/2009 1:31 PM 11008]

R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [9/30/2009 1:31 PM 10368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/27/2010 2:26 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101213.001\IDSXpx86.sys [12/14/2010 8:14 PM 341944]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [4/29/2005 2:58 AM 230448]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: stumbleupon.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-15 10:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST912082 rev.3.04 -> Harddisk0\DR0 -> \Device\Scsi\UlSata1

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E77AC8]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88b827f8; SUB DWORD [EBP-0x4], 0x88b82100; PUSH EDI; CALL 0xffffffffffffe127; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7F3AB8]

3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A829A38]

[0x8A81A768] -> IRP_MJ_CREATE -> 0x89E77AC8

error: Read The system cannot find the file specified.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\UlSata1Port1Path0Target4Lun0 -> \??\SCSI#Disk&Ven_ST912082&Prod_1A&Rev_3.04#5&1c766acb&0&040#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1957994488-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5F475EF-5038-98D5-A154-556ED5EFB4B2}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iacebnnplinhcfphob"=hex:6b,61,6c,67,6b,6e,6e,67,6a,61,70,64,67,65,69,6a,64,6e,

6d,6c,6f,6f,00,00

"haiedonmbidfllgo"=hex:6b,61,6c,67,6b,6e,6e,67,6a,61,70,64,67,65,69,6a,64,6e,

6d,6c,6f,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:cb,68,56,c2,a1,48,be,6c,57,f4,22,c9,ac,9c,dc,e5,0b,8a,d4,c6,a5,

e3,eb,9d,9a,2e,e2,02,5c,75,9f,ed,51,56,9c,4b,d3,71,f9,43,1b,32,a0,f9,b8,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\

Link to post
Share on other sites

Delete your copy of TDSSKiller and try again.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites

I've completed the delete and reinstall. Below are the results ( there was not prompt to be rebooted):

2010/12/15 17:19:02.0503 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/15 17:19:02.0503 ================================================================================

2010/12/15 17:19:02.0503 SystemInfo:

2010/12/15 17:19:02.0503

2010/12/15 17:19:02.0503 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/15 17:19:02.0503 Product type: Workstation

2010/12/15 17:19:02.0503 ComputerName: AUTHORIZ-337800

2010/12/15 17:19:02.0503 UserName: Authorized User

2010/12/15 17:19:02.0503 Windows directory: C:\WINDOWS

2010/12/15 17:19:02.0503 System windows directory: C:\WINDOWS

2010/12/15 17:19:02.0503 Processor architecture: Intel x86

2010/12/15 17:19:02.0503 Number of processors: 2

2010/12/15 17:19:02.0503 Page size: 0x1000

2010/12/15 17:19:02.0503 Boot type: Normal boot

2010/12/15 17:19:02.0503 ================================================================================

2010/12/15 17:19:03.0347 !crdlk

2010/12/15 17:19:03.0441 Initialize success

2010/12/15 17:19:05.0644 ================================================================================

2010/12/15 17:19:05.0644 Scan started

2010/12/15 17:19:05.0644 Mode: Manual;

2010/12/15 17:19:05.0644 ================================================================================

2010/12/15 17:19:07.0144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/15 17:19:07.0207 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/15 17:19:07.0300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/15 17:19:07.0378 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/15 17:19:07.0535 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/15 17:19:07.0644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/15 17:19:07.0691 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/15 17:19:07.0847 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/15 17:19:08.0113 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/15 17:19:08.0191 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/15 17:19:08.0253 BCM43XX (ba58cf7f9e8243f19c3eed2f2dcec770) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/15 17:19:08.0316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/15 17:19:08.0785 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys

2010/12/15 17:19:08.0863 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/12/15 17:19:08.0925 BrPar (4a26f3d9d8a3383b236ad5989ab8e8e5) C:\WINDOWS\system32\Drivers\BrPar.sys

2010/12/15 17:19:08.0972 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/12/15 17:19:08.0988 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

2010/12/15 17:19:09.0035 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys

2010/12/15 17:19:09.0128 Cam5603C (5247534b82fa855f22f98b28e3e48de9) C:\WINDOWS\system32\Drivers\Bs350u2.sys

2010/12/15 17:19:09.0207 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/15 17:19:09.0285 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/15 17:19:09.0378 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys

2010/12/15 17:19:09.0457 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/15 17:19:09.0488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/15 17:19:09.0566 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/15 17:19:09.0613 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/15 17:19:09.0660 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/15 17:19:09.0769 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/15 17:19:09.0847 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/15 17:19:09.0957 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/15 17:19:09.0972 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/15 17:19:10.0003 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/15 17:19:10.0066 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/12/15 17:19:10.0144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/15 17:19:10.0472 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/15 17:19:10.0582 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/15 17:19:10.0644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/15 17:19:10.0675 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/15 17:19:10.0707 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/15 17:19:10.0738 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/15 17:19:10.0816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/15 17:19:10.0832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/15 17:19:10.0863 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/15 17:19:10.0941 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/12/15 17:19:10.0972 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/15 17:19:11.0082 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys

2010/12/15 17:19:11.0144 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys

2010/12/15 17:19:11.0191 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys

2010/12/15 17:19:11.0269 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/15 17:19:11.0300 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/15 17:19:11.0394 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/15 17:19:11.0457 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/15 17:19:11.0800 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101213.001\IDSxpx86.sys

2010/12/15 17:19:11.0957 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/15 17:19:12.0160 IntcAzAudAddService (b2b7af5dc5e1b6b171dfda681d105c7c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/15 17:19:12.0316 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/15 17:19:12.0394 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/15 17:19:12.0472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/15 17:19:12.0519 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/15 17:19:12.0566 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/15 17:19:12.0628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/15 17:19:12.0660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/15 17:19:12.0753 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/12/15 17:19:12.0785 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/15 17:19:12.0832 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/15 17:19:12.0863 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/15 17:19:12.0910 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/15 17:19:12.0957 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/15 17:19:13.0050 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/12/15 17:19:13.0128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/15 17:19:13.0160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/15 17:19:13.0207 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/12/15 17:19:13.0253 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/15 17:19:13.0472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/15 17:19:13.0519 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/15 17:19:13.0550 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/15 17:19:13.0613 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/15 17:19:13.0660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/15 17:19:13.0691 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/15 17:19:13.0738 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/15 17:19:13.0800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/15 17:19:13.0863 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/15 17:19:13.0925 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/15 17:19:14.0019 Mtlmnt5 (c81a67d4b4c1748aaa496605822f5261) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys

2010/12/15 17:19:14.0097 Mtlstrm (6fe3986e727919f7ded38ae00bea954f) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys

2010/12/15 17:19:14.0207 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/15 17:19:14.0222 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/15 17:19:14.0582 NAVENG (01543b4f5b6fdac6761910ce44aff3f8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101215.003\NAVENG.SYS

2010/12/15 17:19:14.0753 NAVEX15 (38814ee261cfc76ded4b5647fc082826) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101215.003\NAVEX15.SYS

2010/12/15 17:19:14.0941 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/15 17:19:14.0972 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/15 17:19:15.0019 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/15 17:19:15.0050 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/15 17:19:15.0082 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/15 17:19:15.0113 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/15 17:19:15.0144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/15 17:19:15.0175 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/15 17:19:15.0253 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/15 17:19:15.0269 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/15 17:19:15.0285 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/12/15 17:19:15.0363 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/15 17:19:15.0441 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/15 17:19:15.0503 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/15 17:19:15.0535 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/15 17:19:15.0613 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/15 17:19:15.0644 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/15 17:19:15.0675 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/15 17:19:15.0722 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/15 17:19:15.0738 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/15 17:19:15.0785 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/15 17:19:15.0816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/15 17:19:16.0035 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

2010/12/15 17:19:16.0097 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/15 17:19:16.0128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/15 17:19:16.0175 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/15 17:19:16.0316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/15 17:19:16.0394 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/12/15 17:19:16.0425 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/15 17:19:16.0457 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/15 17:19:16.0472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/15 17:19:16.0535 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/15 17:19:16.0566 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/15 17:19:16.0613 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/15 17:19:16.0660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/15 17:19:16.0722 RecAgent (f846aa089b10316d982f24322e15346b) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys

2010/12/15 17:19:16.0816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/15 17:19:16.0910 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/12/15 17:19:16.0988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/15 17:19:17.0050 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2010/12/15 17:19:17.0097 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/15 17:19:17.0113 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/15 17:19:17.0160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/12/15 17:19:17.0253 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys

2010/12/15 17:19:17.0285 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/15 17:19:17.0347 SlNtHal (a2b07b03c7964a945a796632817d6b7f) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys

2010/12/15 17:19:17.0378 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys

2010/12/15 17:19:17.0457 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

2010/12/15 17:19:17.0519 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/15 17:19:17.0566 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/15 17:19:17.0675 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2010/12/15 17:19:17.0722 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2010/12/15 17:19:17.0800 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/15 17:19:17.0863 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/15 17:19:17.0894 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/15 17:19:17.0925 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/15 17:19:18.0050 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2010/12/15 17:19:18.0113 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2010/12/15 17:19:18.0207 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/15 17:19:18.0316 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2010/12/15 17:19:18.0394 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2010/12/15 17:19:18.0472 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2010/12/15 17:19:18.0613 SynTP (062e75f20d9bdca40344d85262f74748) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/12/15 17:19:18.0691 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/15 17:19:18.0753 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/15 17:19:18.0816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/15 17:19:18.0847 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/15 17:19:18.0894 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/15 17:19:18.0972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/15 17:19:19.0066 UlSata (fd565ddf31f857828606b69b050d9d09) C:\WINDOWS\system32\drivers\UlSata.sys

2010/12/15 17:19:19.0175 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/15 17:19:19.0238 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/15 17:19:19.0285 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/15 17:19:19.0363 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/15 17:19:19.0441 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/15 17:19:19.0488 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/15 17:19:19.0503 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/15 17:19:19.0535 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/15 17:19:19.0597 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/15 17:19:19.0644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/15 17:19:19.0691 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/15 17:19:19.0753 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/15 17:19:19.0863 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/12/15 17:19:19.0910 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/15 17:19:19.0972 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/15 17:19:20.0160 ================================================================================

2010/12/15 17:19:20.0160 Scan finished

2010/12/15 17:19:20.0160 ================================================================================

Link to post
Share on other sites

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply.

    drweb.jpg

Link to post
Share on other sites

Here is the post from Dr.Web CureIt:

Process in memory: C:\WINDOWS\system32\svchost.exe:1604;;BackDoor.Tdss.565;Eradicated.;

Wdreg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;Dialer.Accessor.origin;Incurable.Moved.;

A0000054.exe;C:\System Volume Information\_restore{352575D3-11E6-4C3E-9D4E-B532F8A10805}\RP1;Dialer.Accessor.origin;Incurable.Moved.;

Thanks!

Link to post
Share on other sites

Thanks again for the help. I am going to be working late the next few days but will be back to my computer on monday morning. - Just wanted to let you know the reason i won't be able to respond until then.

Here are the dds contents after deleting the system restore points:

DDS (Ver_10-12-05.01) - NTFSx86

Run by Authorized User at 1:39:41.68 on Fri 12/17/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1314 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Authorized User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipalbum 6 pro\FpLaunch.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CHotkey] mHotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: stumbleupon.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1250314071953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-7 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-7 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-7 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-7 116784]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-7 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101215.001\IDSXpx86.sys [2010-12-17 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101216.018\NAVENG.SYS [2010-12-17 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101216.018\NAVEX15.SYS [2010-12-17 1360760]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-4-29 230448]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-30 2944]

S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-30 60416]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-30 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-30 10368]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

=============== Created Last 30 ================

2010-12-16 02:00:35 -------- d-----w- c:\documents and settings\authorized user\DoctorWeb

2010-12-15 14:45:43 -------- d-sha-r- C:\cmdcons

2010-12-15 14:36:52 98816 ----a-w- c:\windows\sed.exe

2010-12-15 14:36:52 89088 ----a-w- c:\windows\MBR.exe

2010-12-15 14:36:52 256512 ----a-w- c:\windows\PEV.exe

2010-12-15 14:36:52 161792 ----a-w- c:\windows\SWREG.exe

2010-12-14 02:07:21 1409 ----a-w- c:\windows\QTFont.for

2010-12-08 19:48:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 19:48:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-08 19:48:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST912082 rev.3.04 -> Harddisk0\DR0 -> \Device\Scsi\UlSata1

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E68AC8]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88b827f8; SUB DWORD [EBP-0x4], 0x88b82100; PUSH EDI; CALL 0xffffffffffffe127; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A83AAB8]

3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A815A38]

[0x8A7F9DF8] -> IRP_MJ_CREATE -> 0x89E68AC8

error: Read The system cannot find the file specified.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\UlSata1Port1Path0Target4Lun0 -> \??\SCSI#Disk&Ven_ST912082&Prod_1A&Rev_3.04#5&1c766acb&0&040#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 1:41:52.92 ===============

Link to post
Share on other sites

Sure thing, here's the report I just ran...

DDS (Ver_10-12-05.01) - NTFSx86

Run by Authorized User at 10:30:58.48 on Mon 12/20/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1379 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Documents and Settings\Authorized User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipalbum 6 pro\FpLaunch.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CHotkey] mHotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: stumbleupon.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1250314071953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-7 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-7 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-7 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-7 116784]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-7 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101215.001\IDSXpx86.sys [2010-12-17 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101216.018\NAVENG.SYS [2010-12-17 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101216.018\NAVEX15.SYS [2010-12-17 1360760]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-4-29 230448]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-30 2944]

S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-30 60416]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-30 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-30 10368]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

=============== Created Last 30 ================

2010-12-16 02:00:35 -------- d-----w- c:\documents and settings\authorized user\DoctorWeb

2010-12-15 14:45:43 -------- d-sha-r- C:\cmdcons

2010-12-15 14:36:52 98816 ----a-w- c:\windows\sed.exe

2010-12-15 14:36:52 89088 ----a-w- c:\windows\MBR.exe

2010-12-15 14:36:52 256512 ----a-w- c:\windows\PEV.exe

2010-12-15 14:36:52 161792 ----a-w- c:\windows\SWREG.exe

2010-12-14 02:07:21 1409 ----a-w- c:\windows\QTFont.for

2010-12-08 19:48:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 19:48:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-08 19:48:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST912082 rev.3.04 -> Harddisk0\DR0 -> \Device\Scsi\UlSata1

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E7AAC8]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88b827f8; SUB DWORD [EBP-0x4], 0x88b82100; PUSH EDI; CALL 0xffffffffffffe127; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A830030]

3 CLASSPNP[0xBA908FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A834A38]

[0x8A82C190] -> IRP_MJ_CREATE -> 0x89E7AAC8

error: Read The system cannot find the file specified.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Scsi\UlSata1Port1Path0Target4Lun0 -> \??\SCSI#Disk&Ven_ST912082&Prod_1A&Rev_3.04#5&1c766acb&0&040#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 10:33:06.21 ===============

Link to post
Share on other sites

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Delete your copy of TDSSKiller and let's try again.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites

Sadly, it reported no issues found... Here are the results:

2010/12/21 13:29:53.0140 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/21 13:29:53.0140 ================================================================================

2010/12/21 13:29:53.0140 SystemInfo:

2010/12/21 13:29:53.0140

2010/12/21 13:29:53.0140 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/21 13:29:53.0140 Product type: Workstation

2010/12/21 13:29:53.0140 ComputerName: AUTHORIZ-337800

2010/12/21 13:29:53.0140 UserName: Authorized User

2010/12/21 13:29:53.0140 Windows directory: C:\WINDOWS

2010/12/21 13:29:53.0140 System windows directory: C:\WINDOWS

2010/12/21 13:29:53.0140 Processor architecture: Intel x86

2010/12/21 13:29:53.0140 Number of processors: 2

2010/12/21 13:29:53.0140 Page size: 0x1000

2010/12/21 13:29:53.0140 Boot type: Normal boot

2010/12/21 13:29:53.0140 ================================================================================

2010/12/21 13:29:54.0968 !crdlk

2010/12/21 13:29:55.0109 Initialize success

2010/12/21 13:31:50.0937 ================================================================================

2010/12/21 13:31:50.0937 Scan started

2010/12/21 13:31:50.0937 Mode: Manual;

2010/12/21 13:31:50.0937 ================================================================================

2010/12/21 13:31:52.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/21 13:31:52.0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/21 13:31:52.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/21 13:31:52.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/21 13:31:52.0953 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/21 13:31:53.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/21 13:31:53.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/21 13:31:53.0312 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/21 13:31:53.0453 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/21 13:31:53.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/21 13:31:53.0593 BCM43XX (ba58cf7f9e8243f19c3eed2f2dcec770) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/12/21 13:31:53.0671 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/21 13:31:54.0000 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys

2010/12/21 13:31:54.0187 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/12/21 13:31:54.0312 BrPar (4a26f3d9d8a3383b236ad5989ab8e8e5) C:\WINDOWS\system32\Drivers\BrPar.sys

2010/12/21 13:31:54.0453 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/12/21 13:31:54.0578 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

2010/12/21 13:31:54.0656 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys

2010/12/21 13:31:54.0781 Cam5603C (5247534b82fa855f22f98b28e3e48de9) C:\WINDOWS\system32\Drivers\Bs350u2.sys

2010/12/21 13:31:55.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/21 13:31:55.0156 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/21 13:31:55.0265 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys

2010/12/21 13:31:55.0359 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/21 13:31:55.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/21 13:31:55.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/21 13:31:55.0593 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/21 13:31:55.0656 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/21 13:31:55.0765 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/21 13:31:55.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/21 13:31:56.0046 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/21 13:31:56.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/21 13:31:56.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/21 13:31:56.0203 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/12/21 13:31:56.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/21 13:31:56.0625 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/21 13:31:56.0687 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/21 13:31:56.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/21 13:31:56.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/21 13:31:57.0031 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/21 13:31:57.0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/21 13:31:57.0281 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/21 13:31:57.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/21 13:31:57.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/21 13:31:57.0546 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/12/21 13:31:57.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/21 13:31:57.0812 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys

2010/12/21 13:31:57.0937 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys

2010/12/21 13:31:58.0062 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys

2010/12/21 13:31:58.0187 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/21 13:31:58.0250 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/21 13:31:58.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/21 13:31:58.0500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/21 13:31:58.0890 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101217.001\IDSxpx86.sys

2010/12/21 13:31:59.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/21 13:31:59.0234 IntcAzAudAddService (b2b7af5dc5e1b6b171dfda681d105c7c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/21 13:31:59.0390 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/21 13:31:59.0468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/21 13:31:59.0531 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/21 13:31:59.0593 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/21 13:31:59.0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/21 13:31:59.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/21 13:31:59.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/21 13:31:59.0750 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/12/21 13:31:59.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/21 13:31:59.0843 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/21 13:31:59.0906 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/21 13:31:59.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/21 13:32:00.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/21 13:32:00.0171 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/12/21 13:32:00.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/21 13:32:00.0312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/21 13:32:00.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/12/21 13:32:00.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/21 13:32:00.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/21 13:32:00.0515 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/21 13:32:00.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/21 13:32:00.0671 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/21 13:32:00.0765 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/21 13:32:00.0843 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/21 13:32:00.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/21 13:32:00.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/21 13:32:01.0000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/21 13:32:01.0031 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/21 13:32:01.0109 Mtlmnt5 (c81a67d4b4c1748aaa496605822f5261) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys

2010/12/21 13:32:01.0203 Mtlstrm (6fe3986e727919f7ded38ae00bea954f) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys

2010/12/21 13:32:01.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/21 13:32:01.0359 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/21 13:32:01.0765 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101220.002\NAVENG.SYS

2010/12/21 13:32:01.0937 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101220.002\NAVEX15.SYS

2010/12/21 13:32:02.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/21 13:32:02.0140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/21 13:32:02.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/21 13:32:02.0265 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/21 13:32:02.0328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/21 13:32:02.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/21 13:32:02.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/21 13:32:02.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/21 13:32:02.0546 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/21 13:32:02.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/21 13:32:02.0640 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/12/21 13:32:02.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/21 13:32:02.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/21 13:32:02.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/21 13:32:02.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/21 13:32:02.0890 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/21 13:32:02.0921 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/21 13:32:02.0953 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/21 13:32:03.0187 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/21 13:32:03.0218 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/21 13:32:03.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/21 13:32:03.0312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/21 13:32:03.0468 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

2010/12/21 13:32:03.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/21 13:32:03.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/21 13:32:03.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/21 13:32:03.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/21 13:32:03.0890 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/12/21 13:32:03.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/21 13:32:03.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/21 13:32:04.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/21 13:32:04.0046 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/21 13:32:04.0125 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/21 13:32:04.0140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/21 13:32:04.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/21 13:32:04.0265 RecAgent (f846aa089b10316d982f24322e15346b) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys

2010/12/21 13:32:04.0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/21 13:32:04.0546 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/12/21 13:32:04.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/21 13:32:04.0703 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2010/12/21 13:32:04.0765 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/21 13:32:04.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/21 13:32:04.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/12/21 13:32:04.0906 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys

2010/12/21 13:32:04.0937 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/21 13:32:04.0984 SlNtHal (a2b07b03c7964a945a796632817d6b7f) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys

2010/12/21 13:32:05.0015 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys

2010/12/21 13:32:05.0046 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

2010/12/21 13:32:05.0140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/21 13:32:05.0218 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/21 13:32:05.0296 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2010/12/21 13:32:05.0328 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2010/12/21 13:32:05.0421 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/21 13:32:05.0515 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/21 13:32:05.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/21 13:32:05.0640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/21 13:32:05.0812 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2010/12/21 13:32:05.0875 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2010/12/21 13:32:05.0937 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/21 13:32:06.0031 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2010/12/21 13:32:06.0125 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2010/12/21 13:32:06.0234 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2010/12/21 13:32:06.0359 SynTP (062e75f20d9bdca40344d85262f74748) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/12/21 13:32:06.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/21 13:32:06.0531 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/21 13:32:06.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/21 13:32:06.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/21 13:32:06.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/21 13:32:06.0765 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/21 13:32:06.0843 UlSata (fd565ddf31f857828606b69b050d9d09) C:\WINDOWS\system32\drivers\UlSata.sys

2010/12/21 13:32:06.0937 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/21 13:32:07.0062 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/21 13:32:07.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/21 13:32:07.0203 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/21 13:32:07.0265 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/21 13:32:07.0296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/21 13:32:07.0359 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/21 13:32:07.0421 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/21 13:32:07.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/21 13:32:07.0531 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/21 13:32:07.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/21 13:32:07.0671 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/21 13:32:07.0812 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/12/21 13:32:07.0890 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/21 13:32:08.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/21 13:32:08.0234 ================================================================================

2010/12/21 13:32:08.0234 Scan finished

2010/12/21 13:32:08.0234 ================================================================================

Link to post
Share on other sites

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr .
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

Link to post
Share on other sites

Here you go...

File #1

OTL logfile created on: 12/21/2010 2:15:27 PM - Run 1

OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Authorized User\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 81.18 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

Computer Name: AUTHORIZ-337800 | User Name: Authorized User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Authorized User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

PRC - C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe ()

PRC - C:\WINDOWS\system32\slserv.exe ( )

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\mHotkey.exe (Chicony)

PRC - C:\Program Files\ScanSoft\PaperPort\Pptd40nt.exe (Scansoft Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Authorized User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)

MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe ()

SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)

SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )

SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (Pcouffin) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys File not found

DRV - (DS1410D) -- C:\WINDOWS\System32\drivers\ds1410d.sys File not found

DRV - (diskchk) -- C:\WINDOWS\System32\diskchk.sys File not found

DRV - (catchme) -- C:\DOCUME~1\AUTHOR~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\System32\drivers\NSDriver.sys File not found

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101220.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101220.002\NAVENG.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101217.001\IDSXpx86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)

DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)

DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys ( )

DRV - (Slazldrv) -- C:\WINDOWS\system32\drivers\SLDRV\slazldrv.sys ( )

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys ( )

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys ( )

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys ( )

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys ( )

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (UlSata) -- C:\WINDOWS\system32\drivers\UlSata.sys (Promise Technology, Inc.)

DRV - (Cam5603C) -- C:\WINDOWS\system32\drivers\Bs350u2.sys (Bison Electronics. Inc. )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)

DRV - (BrSerWDM) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)

DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)

DRV - (BrPar) -- C:\WINDOWS\system32\drivers\BrPar.sys (Brother Industries Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/01 10:09:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/06/27 14:26:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/02 14:12:56 | 000,000,000 | ---D | M]

[2010/07/08 12:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2006/08/06 18:25:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/07/02 14:13:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2006/09/03 14:12:48 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2010/07/02 14:12:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/10/24 16:49:16 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll

[2006/12/12 11:48:22 | 001,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2006/11/21 13:27:54 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2006/11/21 13:28:02 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2006/11/21 13:27:52 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2008/05/09 13:37:52 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll

O1 HOSTS File: ([2010/12/15 10:05:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll ()

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [PaperPort PTD] c:\Program Files\ScanSoft\PaperPort\Pptd40nt.exe (Scansoft Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: stumbleupon.com ([]* in Trusted sites)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1250314071953 (MUCatalogWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () - http://p.airliners.net/photos/photos/6/4/1/1085146.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/02 16:00:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 14:10:55 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Authorized User\Desktop\OTL.exe

[2010/12/21 13:26:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/12/20 21:54:11 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Authorized User\Desktop\TDSSKiller.exe

[2010/12/15 21:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\DoctorWeb

[2010/12/15 09:45:43 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/12/15 09:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/12/15 09:36:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/12/15 09:36:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/12/15 09:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/12/15 09:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/12/15 09:35:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/13 11:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/12/13 11:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2010/12/12 10:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Application Data\Ahead

[2010/12/12 10:11:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Authorized User\My Documents\My Data Sources

[2010/12/11 13:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Desktop\holiday selection

[2010/12/08 14:48:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/08 14:48:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/08 14:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/08 14:47:37 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Authorized User\Desktop\mbam-setup-1.50.0.0.exe

[2006/05/02 16:08:17 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 14:10:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Authorized User\Desktop\OTL.exe

[2010/12/21 13:27:30 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\tdsskiller.zip

[2010/12/21 13:17:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/21 12:32:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/21 12:31:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/12/21 12:30:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile

[2010/12/21 12:30:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/20 21:53:19 | 003,995,496 | R--- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Combo-Fix.exe

[2010/12/17 07:23:06 | 000,416,768 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\CheckTDL.exe

[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Authorized User\Desktop\TDSSKiller.exe

[2010/12/16 07:17:16 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\Authorized User\My Documents\DrWeb.csv

[2010/12/15 20:54:31 | 000,002,738 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini

[2010/12/15 20:53:58 | 053,374,552 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\drweb-cureit.exe

[2010/12/15 13:16:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\disk.sys

[2010/12/15 10:11:52 | 000,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/12/15 10:11:52 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/12/15 10:05:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/12/15 09:45:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/12/14 17:50:18 | 000,016,935 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\re-run.zip

[2010/12/13 21:07:21 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2010/12/13 11:21:56 | 000,008,069 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Attach.zip

[2010/12/13 11:13:28 | 019,973,448 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\winzip150.exe

[2010/12/11 14:00:34 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee Pro 2.lnk

[2010/12/11 13:47:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/12/08 21:35:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\3oqi30j2.exe

[2010/12/08 21:27:08 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\dds.scr

[2010/12/08 21:26:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Authorized User\defogger_reenable

[2010/12/08 21:24:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Defogger.exe

[2010/12/08 20:28:45 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\precisesecurity.doc

[2010/12/08 14:48:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/08 14:47:44 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Authorized User\Desktop\mbam-setup-1.50.0.0.exe

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 21:41:56 | 003,995,496 | R--- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Combo-Fix.exe

[2010/12/17 07:23:06 | 000,416,768 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\CheckTDL.exe

[2010/12/16 07:17:16 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Authorized User\My Documents\DrWeb.csv

[2010/12/15 20:53:51 | 053,374,552 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\drweb-cureit.exe

[2010/12/15 09:45:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/12/15 09:45:48 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/12/15 09:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/12/15 09:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/12/15 09:36:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/12/15 09:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/12/15 09:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/12/14 17:50:18 | 000,016,935 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\re-run.zip

[2010/12/13 21:07:21 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2010/12/13 21:07:21 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2010/12/13 14:47:17 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\tdsskiller.zip

[2010/12/13 11:21:56 | 000,008,069 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Attach.zip

[2010/12/13 11:13:26 | 019,973,448 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\winzip150.exe

[2010/12/08 21:35:52 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\3oqi30j2.exe

[2010/12/08 21:27:06 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\dds.scr

[2010/12/08 21:25:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Authorized User\defogger_reenable

[2010/12/08 21:24:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Defogger.exe

[2010/12/08 20:28:45 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\precisesecurity.doc

[2010/12/08 14:48:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/30 17:06:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2009/09/30 16:41:18 | 000,001,046 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009/09/30 16:41:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini

[2009/09/30 16:41:12 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL

[2009/09/30 16:41:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL

[2009/09/30 16:41:12 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL

[2009/09/30 16:41:03 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL

[2009/08/25 17:06:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\BrmfXCh1.ini

[2008/05/25 00:42:25 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cralog.ini

[2008/02/04 14:44:17 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/08/28 10:42:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ftx32.dll

[2007/08/20 09:56:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI

[2006/12/25 13:03:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2006/12/19 15:53:29 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/12/18 12:40:51 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\fusioncache.dat

[2006/12/14 10:54:14 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/12/10 09:46:32 | 000,001,009 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/09/17 13:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2006/09/17 13:23:19 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[2006/09/17 13:23:19 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll

[2006/09/17 13:23:17 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys

[2006/07/22 18:42:20 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2006/07/03 14:37:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/05/20 10:11:34 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/05/14 16:55:18 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\vfolx32n.dll

[2006/05/14 16:45:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/05/14 16:00:28 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys

[2006/05/05 13:12:00 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini

[2006/05/05 10:42:49 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\user60.rdb

[2006/05/05 10:36:47 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\sversion.ini

[2006/05/02 16:13:32 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2006/05/02 16:13:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2006/05/02 16:08:17 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2006/05/02 16:08:17 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll

[2006/05/02 16:08:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2006/05/02 16:07:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/05/02 10:49:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/04/29 02:58:20 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll

[2005/04/29 02:58:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

[2005/04/29 02:58:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\slcoinst.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

[2001/04/04 10:16:20 | 000,002,738 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini

========== LOP Check ==========

[2008/02/01 13:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2008/02/01 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2006/10/31 10:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2006/07/03 16:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software

[2006/11/30 18:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2009/05/14 11:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2010/04/29 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2007/07/19 18:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2007/06/16 13:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox

[2010/05/07 22:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2007/01/09 19:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/12/13 11:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2008/10/12 18:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2009/08/20 20:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

[2010/04/12 21:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\ABB50BD3F3F6041C55FE23015D53EBA4

[2006/05/14 15:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\ACD Systems

[2008/02/15 17:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Azureus

[2006/09/04 13:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\BitTorrent

[2010/11/28 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\EBookSys

[2009/08/09 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\MSNInstaller

[2007/07/02 08:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Netscape

[2006/06/24 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Nova Development

[2006/08/03 13:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Opera

[2007/07/09 18:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Photodex

[2007/06/25 18:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Pixela

[2007/06/16 13:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Smilebox

[2007/08/16 15:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\StumbleUpon

[2010/08/26 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Tific

[2007/07/24 10:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Walgreens

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

And the other

File #2:

OTL Extras logfile created on: 12/21/2010 2:15:27 PM - Run 1

OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Authorized User\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 81.18 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

Computer Name: AUTHORIZ-337800 | User Name: Authorized User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}" = Scrapbook Factory Deluxe 3.0

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}" = ImageMixer for HDD Camcorder

"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{708F9BEF-2B8C-421D-813E-8CA9EA29B1B8}" = Napster 3.5 MP3 Encoder

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup

"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.16

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime

"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium

"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C62D7344-8709-4443-9C95-F90659CBC27F}" = Art Explosion Publisher Pro Silver Edition

"{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}" = BisonCam, USB2.0

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0

"{D09A4E8E-1989-4021-A78A-49D3BF4D0C09}" = FlipAlbum 6.0 Pro

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D10EC365-8936-4B40-AE2E-FCDA61C326D3}" = Alias DirectConnect 2.0

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro

"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"AudibleManager" = AudibleManager

"Azureus Vuze" = Azureus Vuze

"Brother Extensions for Paperport" = Brother Extensions for Paperport

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"FLV Player" = FLV Player 2.0, build 24

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InterActual Player" = InterActual Player

"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"N360" = Norton Security Suite

"Nero - Burning Rom!UninstallKey" = Nero OEM

"PaperPort 6.5" = PaperPort 6.5

"Photodex Presenter" = Photodex Presenter

"Picasa 3" = Picasa 3

"ProShow Producer" = ProShow Producer

"Rainbow Sentinel Driver" = Sentinel System Driver

"RealPlayer 6.0" = RealPlayer

"SLAMRNTV" = Smart Link 56K Voice Modem

"Supreme Office Suite 3.0" = Supreme Office Suite 3.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"SysInfo" = Creative System Information

"WGA" = Windows Genuine Advantage Validation Tool

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Vuze Launcher" = Vuze Launcher

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 12/8/2010 9:16:13 PM | Computer Name = AUTHORIZ-337800 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

MADELINELEMI-PC that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{86D22217-0AC. The master browser is stopping or an election is being

forced.

Error - 12/8/2010 10:28:14 PM | Computer Name = AUTHORIZ-337800 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

MADELINELEMI-PC that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{86D22217-0AC. The master browser is stopping or an election is being

forced.

< End of report >

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.