Post by: ba5852 on January 14, 2012, 02:15:25 PM
Ran Malwarebytes in chameleon mode and found 11 files labeled as Rootkit.0access. Malwarebytes stated that it successfully quarantined and deleted all 11 files. Ran Malwarebytes again and found no other infected files.
When I try to run Malwarebytes, superantispyware or Norton Internet Security I get the following message:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
Therefore I am unable to run any antivirus or antimalware software at this point. Would appreciate any help you might be able to render.
Post by: guestolo on January 14, 2012, 02:47:55 PM
Right click on dds.scr and choose to "Run as Admin" if running Vista or Windows 7 to run it, double click on dds.scr if running other OS
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to this topic.
Post by: ba5852 on January 14, 2012, 02:54:04 PM
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bruce at 13:04:57 on 2012-01-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.414 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\AOL\1228527480\ee\AOLSoftware.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ALi5289] "c:\program files\uli5289\ALi5289.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [EasyTuneV] "c:\program files\gigabyte\et5\GUI.exe"
mRun: [WheelMouse] Amoumain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OCAudioIni] "c:\program files\one-click audio converter\OCAudioIni.exe"
mRun: [HostManager] "c:\program files\common files\aol\1228527480\ee\AOLSoftware.exe"
mRun: [mssSort] "c:\program files\maxtor\managerapp\msssort.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151899614577
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4C667E55-A13A-427B-9BB2-9028CB4ACB7E} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bruce\application data\mozilla\firefox\profiles\9o218xc0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-7-2 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-7-2 45056]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-4-1 161120]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 Amps2prt;A4Tech PS/2 Port Mouse Filter Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-7-3 10195]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-1-13 24064]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-14 40776]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-8-6 223128]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\security\current\plugins\antimalware\aei.exe" --> c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-13 106104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
.
=============== Created Last 30 ================
.
2012-01-14 14:46:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 04:42:26 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-01-13 21:49:18 -------- d-----w- c:\documents and settings\bruce\application data\Tific
2012-01-13 20:40:25 -------- d-----w- c:\windows\Internet Logs
2012-01-13 20:37:04 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-01-13 20:34:36 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-01-13 20:13:03 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-01-13 20:13:00 -------- d-----w- c:\documents and settings\bruce\local settings\application data\ID Vault
2012-01-13 20:11:18 -------- d-----w- c:\documents and settings\bruce\application data\ID Vault
2012-01-13 20:09:11 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-01-13 20:06:04 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-13 20:05:34 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-13 20:05:12 14048 ------w- c:\windows\system32\spmsg2.dll
2012-01-13 20:01:32 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
.
==================== Find3M ====================
.
2012-01-13 22:27:36 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-13 22:27:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x86F99BF8]<<
_asm { MOV EAX, 0x86f99b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fa0c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk1\DR1[0x86F66AB8]
\Driver\Disk[0x86F68940] -> IRP_MJ_CREATE -> 0x86F99BF8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x86f99bf8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 13:05:21.01 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 7/2/2006 11:55:05 AM
System Uptime: 1/14/2012 12:18:41 AM (13 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M1689D
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 7 | 2411/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 74.997 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 6 GiB total, 4.323 GiB free.
G: is FIXED (NTFS) - 4 GiB total, 0.271 GiB free.
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
A4Tech iWheelWorks V7.0
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Athlon 64 Processor Driver
BitTorrent
CamStudio
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP FLAC Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
DNA
EasyTune5
FLAC Installer 1.1.2a (remove only)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Update
I.R.I.S. OCR
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.0.1800
Marketsplash Shortcuts
Maxtor Central Axis Manager
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Plus! for Windows XP
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Mozilla Firefox 6.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero - Burning Rom
NVIDIA Drivers
One-click Audio Converter Uninstall
PrintKey2000
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
SUPERAntiSpyware
Symantec AntiVirus Client
TeamViewer 6
TorrentMan Toolbar
ULi M5289 SATA Controller Driver
ULi PCI to AGP Controller Driver
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/13/2012 5:32:55 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/13/2012 5:32:55 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Norton Security Suite\Engine\5.0.0.125\coIEPlg.dll. Reference error message: The operation completed successfully. .
1/13/2012 5:32:55 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/13/2012 5:16:08 PM, error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The system cannot find the file specified.
1/13/2012 4:58:45 PM, error: Service Control Manager [7000] - The Norton Security Suite service failed to start due to the following error: Access is denied.
1/13/2012 4:45:44 PM, error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2012 4:37:07 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/13/2012 4:36:30 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The system cannot find the path specified.
1/13/2012 4:36:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
1/13/2012 4:22:39 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
1/13/2012 4:10:29 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: Access is denied.
1/13/2012 4:10:29 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {2302C9AF-7F45-4A95-94F8-575F962090AC}
1/13/2012 3:42:34 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
1/13/2012 10:49:38 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/13/2012 10:43:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
1/13/2012 10:43:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2012 10:43:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2012 10:43:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2012 10:43:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2012 10:43:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/13/2012 10:42:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
Post by: guestolo on January 14, 2012, 03:05:44 PM
[color="#0000FF"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop
--------------------------------------------------------------------
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
Post by: ba5852 on January 14, 2012, 03:51:48 PM
"ComboFix has detected the following real time scanner(s) to be active:
antivirus: Norton Security Suite
Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or possible machine damage.
Please disable these scaners before clicking 'OK'."
I had previously installed and uninstalled Norton Internet Security in an attempt to get it to load properly. It is currently uninstalled but it seems to think it's still there.
I noticed that Norton Antivirus Corporate Edition ver 8 is program list. It has somehow been disabled so that it does not run on boot up. Just for the heck of it I ran it from the Start Menu ran a scan. The scan completed and it did not find any problems.
I have not clicked OK on the warning message.
Post by: guestolo on January 14, 2012, 03:58:50 PM
Can you do the following please
Download TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Save it to your desktop then double click on it to run it
Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Then try running ComboFix again
Edit: I was posting when you were possibly editing your above reply?
Not sure, but please carry on with these instructions please if not to late
If you have carried on with running ComboFix, post it's log then we will carry on
Post by: ba5852 on January 14, 2012, 04:11:16 PM
It's probably the infection causing the problem with ComboFix
Can you do the following please
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe (http://"http://support.kaspersky.com/downloads/utils/tdsskiller.exe")
Save it to your desktop then double click on it to run it
Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Then try running ComboFix again
Edit: I was posting when you were possibly editing your above reply?
Not sure, but please carry on with these instructions please if not to late
If you have carried on with running ComboFix, post it's log then we will carry on
[/quote]
Post by: ba5852 on January 14, 2012, 04:14:34 PM
It's probably the infection causing the problem with ComboFix
Can you do the following please
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe (http://"http://support.kaspersky.com/downloads/utils/tdsskiller.exe")
Save it to your desktop then double click on it to run it
Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Then try running ComboFix again
Edit: I was posting when you were possibly editing your above reply?
Not sure, but please carry on with these instructions please if not to late
If you have carried on with running ComboFix, post it's log then we will carry on
[/quote]
How do you insert dialogue boxes showing error messages in this editor. When I try I get a page of code instead of the image I'm trying to send.
Post by: guestolo on January 14, 2012, 04:25:27 PM
you should upload to something like Photobucket or Imageshack and link to it
I think that's what you mean
Anyway's, can you carry on with my previous reply please
Post by: ba5852 on January 14, 2012, 10:57:32 PM
22:44:02.0671 2848 ============================================================
22:44:02.0671 2848 Current date / time: 2012/01/14 22:44:02.0671
22:44:02.0671 2848 SystemInfo:
22:44:02.0671 2848
22:44:02.0671 2848 OS Version: 5.1.2600 ServicePack: 3.0
22:44:02.0671 2848 Product type: Workstation
22:44:02.0671 2848 ComputerName: AMD3300
22:44:02.0671 2848 UserName: Bruce
22:44:02.0671 2848 Windows directory: C:\WINDOWS
22:44:02.0671 2848 System windows directory: C:\WINDOWS
22:44:02.0671 2848 Processor architecture: Intel x86
22:44:02.0671 2848 Number of processors: 1
22:44:02.0671 2848 Page size: 0x1000
22:44:02.0671 2848 Boot type: Normal boot
22:44:02.0671 2848 ============================================================
22:44:03.0484 2848 Drive \Device\Harddisk0\DR0 - Size: 0x4C54C7E00, SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
22:44:03.0500 2848 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2DC00, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000058
22:44:03.0656 2848 Initialize success
22:44:21.0859 0948 ============================================================
22:44:21.0859 0948 Scan started
22:44:21.0859 0948 Mode: Manual;
22:44:21.0859 0948 ============================================================
22:44:22.0531 0948 Abiosdsk - ok
22:44:22.0687 0948 abp480n5 - ok
22:44:22.0937 0948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:44:23.0031 0948 ACPI - ok
22:44:23.0312 0948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:44:23.0343 0948 ACPIEC - ok
22:44:23.0500 0948 adpu160m - ok
22:44:23.0546 0948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:44:23.0546 0948 aec - ok
22:44:23.0593 0948 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
22:44:23.0609 0948 AFD - ok
22:44:23.0625 0948 Aha154x - ok
22:44:23.0656 0948 aic78u2 - ok
22:44:23.0671 0948 aic78xx - ok
22:44:23.0781 0948 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:44:23.0828 0948 ALCXWDM - ok
22:44:23.0890 0948 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:44:23.0890 0948 AliIde - ok
22:44:23.0921 0948 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:44:23.0921 0948 AmdK8 - ok
22:44:23.0968 0948 Amps2prt (8e14139857d820b54f27aa2ec24cddff) C:\WINDOWS\system32\Drivers\Amps2prt.sys
22:44:23.0968 0948 Amps2prt - ok
22:44:24.0000 0948 amsint - ok
22:44:24.0015 0948 asc - ok
22:44:24.0031 0948 asc3350p - ok
22:44:24.0062 0948 asc3550 - ok
22:44:24.0109 0948 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
22:44:24.0109 0948 ASCTRM - ok
22:44:24.0171 0948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:44:24.0171 0948 AsyncMac - ok
22:44:24.0203 0948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:44:24.0203 0948 atapi - ok
22:44:24.0218 0948 Atdisk - ok
22:44:24.0250 0948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:44:24.0265 0948 Atmarpc - ok
22:44:24.0296 0948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:44:24.0296 0948 audstub - ok
22:44:24.0343 0948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:44:24.0343 0948 Beep - ok
22:44:24.0390 0948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:44:24.0390 0948 cbidf2k - ok
22:44:24.0406 0948 cd20xrnt - ok
22:44:24.0437 0948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:44:24.0437 0948 Cdaudio - ok
22:44:24.0453 0948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:44:24.0453 0948 Cdfs - ok
22:44:24.0500 0948 Cdrom (89bd2e81c34dbf16cc2bcec90a912781) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:44:24.0500 0948 Cdrom ( Rootkit.Win32.ZAccess.e ) - infected
22:44:24.0500 0948 Cdrom - detected Rootkit.Win32.ZAccess.e (0)
22:44:24.0515 0948 Changer - ok
22:44:24.0546 0948 CmdIde - ok
22:44:24.0578 0948 Cpqarray - ok
22:44:24.0609 0948 dac2w2k - ok
22:44:24.0625 0948 dac960nt - ok
22:44:24.0656 0948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:44:24.0656 0948 Disk - ok
22:44:24.0718 0948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:44:24.0734 0948 dmboot - ok
22:44:24.0765 0948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:44:24.0765 0948 dmio - ok
22:44:24.0781 0948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:44:24.0781 0948 dmload - ok
22:44:24.0828 0948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:44:24.0828 0948 DMusic - ok
22:44:24.0859 0948 dpti2o - ok
22:44:24.0875 0948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:44:24.0875 0948 drmkaud - ok
22:44:24.0937 0948 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
22:44:24.0937 0948 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
22:44:24.0937 0948 dtscsi ( LockedFile.Multi.Generic ) - warning
22:44:24.0937 0948 dtscsi - detected LockedFile.Multi.Generic (1)
22:44:25.0046 0948 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:44:25.0046 0948 eeCtrl - ok
22:44:25.0078 0948 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:44:25.0078 0948 EraserUtilRebootDrv - ok
22:44:25.0125 0948 ET5Drv (57af1036880449056dd8adac9f2d1fe1) C:\WINDOWS\system32\Drivers\ET5Drv.sys
22:44:25.0140 0948 ET5Drv - ok
22:44:25.0187 0948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:44:25.0187 0948 Fastfat - ok
22:44:25.0218 0948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:44:25.0218 0948 Fdc - ok
22:44:25.0234 0948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:44:25.0234 0948 Fips - ok
22:44:25.0265 0948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:44:25.0265 0948 Flpydisk - ok
22:44:25.0281 0948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:44:25.0296 0948 FltMgr - ok
22:44:25.0312 0948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:44:25.0312 0948 Fs_Rec - ok
22:44:25.0343 0948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:44:25.0343 0948 Ftdisk - ok
22:44:25.0359 0948 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:44:25.0375 0948 gameenum - ok
22:44:25.0390 0948 gdrv (36cf9048cee590c13fa8f007d1cb45ff) C:\WINDOWS\gdrv.sys
22:44:25.0671 0948 gdrv - ok
22:44:25.0781 0948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:44:25.0781 0948 Gpc - ok
22:44:25.0859 0948 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
22:44:25.0890 0948 HCF_MSFT - ok
22:44:25.0921 0948 hpn - ok
22:44:25.0937 0948 hpt3xx - ok
22:44:26.0000 0948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:44:26.0000 0948 HTTP - ok
22:44:26.0015 0948 i2omgmt - ok
22:44:26.0046 0948 i2omp - ok
22:44:26.0078 0948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:44:26.0078 0948 i8042prt - ok
22:44:26.0109 0948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:44:26.0109 0948 Imapi - ok
22:44:26.0140 0948 ini910u - ok
22:44:26.0171 0948 IntelIde - ok
22:44:26.0203 0948 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:44:26.0203 0948 ip6fw - ok
22:44:26.0234 0948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:44:26.0250 0948 IpFilterDriver - ok
22:44:26.0265 0948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:44:26.0281 0948 IpInIp - ok
22:44:26.0312 0948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:44:26.0312 0948 IpNat - ok
22:44:26.0343 0948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:44:26.0343 0948 IPSec - ok
22:44:26.0375 0948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:44:26.0375 0948 IRENUM - ok
22:44:26.0421 0948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:44:26.0421 0948 isapnp - ok
22:44:26.0453 0948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:44:26.0453 0948 Kbdclass - ok
22:44:26.0484 0948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:44:26.0500 0948 kmixer - ok
22:44:26.0531 0948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:44:26.0531 0948 KSecDD - ok
22:44:26.0578 0948 Lavasoft Kernexplorer - ok
22:44:26.0609 0948 lbrtfdc - ok
22:44:26.0656 0948 m5289 (2424b13987360840b4bf4e5fb5a66d3f) C:\WINDOWS\system32\drivers\m5289.sys
22:44:26.0656 0948 m5289 - ok
22:44:26.0687 0948 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
22:44:26.0687 0948 mbamchameleon - ok
22:44:26.0718 0948 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:44:26.0718 0948 MBAMSwissArmy - ok
22:44:26.0750 0948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:44:26.0750 0948 mnmdd - ok
22:44:26.0796 0948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:44:26.0796 0948 Modem - ok
22:44:26.0828 0948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:44:26.0828 0948 Mouclass - ok
22:44:26.0859 0948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:44:26.0859 0948 MountMgr - ok
22:44:26.0875 0948 mraid35x - ok
22:44:26.0890 0948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:44:26.0906 0948 MRxDAV - ok
22:44:26.0968 0948 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:44:26.0984 0948 MRxSmb - ok
22:44:27.0000 0948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:44:27.0000 0948 Msfs - ok
22:44:27.0062 0948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:44:27.0062 0948 MSKSSRV - ok
22:44:27.0078 0948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:44:27.0093 0948 MSPCLOCK - ok
22:44:27.0109 0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:44:27.0109 0948 MSPQM - ok
22:44:27.0156 0948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:44:27.0156 0948 mssmbios - ok
22:44:27.0187 0948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:44:27.0187 0948 Mup - ok
22:44:27.0296 0948 NAVAP (70c4d2474833b6ef16342e5d33359ff6) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
22:44:27.0312 0948 NAVAP - ok
22:44:27.0328 0948 NAVAPEL (f81a56a1be2c0ea8c2ff320cd5dc9aad) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
22:44:27.0328 0948 NAVAPEL - ok
22:44:27.0375 0948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:44:27.0390 0948 NDIS - ok
22:44:27.0437 0948 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:44:27.0437 0948 NdisTapi - ok
22:44:27.0468 0948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:44:27.0484 0948 Ndisuio - ok
22:44:27.0500 0948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:44:27.0500 0948 NdisWan - ok
22:44:27.0531 0948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:44:27.0531 0948 NDProxy - ok
22:44:27.0562 0948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:44:27.0562 0948 NetBIOS - ok
22:44:27.0593 0948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:44:27.0593 0948 NetBT - ok
22:44:27.0656 0948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:44:27.0656 0948 Npfs - ok
22:44:27.0703 0948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:44:27.0718 0948 Ntfs - ok
22:44:27.0750 0948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:44:27.0750 0948 Null - ok
22:44:27.0875 0948 nv (7fe3f1721856365c882dae13f3600223) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:44:27.0937 0948 nv - ok
22:44:27.0984 0948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:44:27.0984 0948 NwlnkFlt - ok
22:44:28.0000 0948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:44:28.0000 0948 NwlnkFwd - ok
22:44:28.0046 0948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:44:28.0062 0948 Parport - ok
22:44:28.0078 0948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:44:28.0078 0948 PartMgr - ok
22:44:28.0125 0948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:44:28.0140 0948 ParVdm - ok
22:44:28.0156 0948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:44:28.0156 0948 PCI - ok
22:44:28.0171 0948 PCIDump - ok
22:44:28.0187 0948 PCIIde - ok
22:44:28.0234 0948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:44:28.0234 0948 Pcmcia - ok
22:44:28.0250 0948 PDCOMP - ok
22:44:28.0281 0948 PDFRAME - ok
22:44:28.0296 0948 PDRELI - ok
22:44:28.0312 0948 PDRFRAME - ok
22:44:28.0328 0948 perc2 - ok
22:44:28.0343 0948 perc2hib - ok
22:44:28.0421 0948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:44:28.0421 0948 PptpMiniport - ok
22:44:28.0437 0948 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:44:28.0453 0948 Processor - ok
22:44:28.0468 0948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:44:28.0468 0948 PSched - ok
22:44:28.0484 0948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:44:28.0500 0948 Ptilink - ok
22:44:28.0515 0948 ql1080 - ok
22:44:28.0531 0948 Ql10wnt - ok
22:44:28.0546 0948 ql12160 - ok
22:44:28.0578 0948 ql1240 - ok
22:44:28.0593 0948 ql1280 - ok
22:44:28.0609 0948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:44:28.0609 0948 RasAcd - ok
22:44:28.0640 0948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:44:28.0640 0948 Rasl2tp - ok
22:44:28.0671 0948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:44:28.0671 0948 RasPppoe - ok
22:44:28.0687 0948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:44:28.0687 0948 Raspti - ok
22:44:28.0750 0948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:44:28.0750 0948 Rdbss - ok
22:44:28.0781 0948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:44:28.0781 0948 RDPCDD - ok
22:44:28.0812 0948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:44:28.0828 0948 rdpdr - ok
22:44:28.0890 0948 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:44:28.0890 0948 RDPWD - ok
22:44:28.0921 0948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:44:28.0921 0948 redbook - ok
22:44:29.0000 0948 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:44:29.0000 0948 RTL8023xp - ok
22:44:29.0046 0948 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:44:29.0046 0948 rtl8139 - ok
22:44:29.0156 0948 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:44:29.0156 0948 SASDIFSV - ok
22:44:29.0156 0948 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:44:29.0171 0948 SASKUTIL - ok
22:44:29.0218 0948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:44:29.0218 0948 Secdrv - ok
22:44:29.0265 0948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:44:29.0265 0948 serenum - ok
22:44:29.0296 0948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:44:29.0296 0948 Serial - ok
22:44:29.0328 0948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:44:29.0343 0948 Sfloppy - ok
22:44:29.0359 0948 Simbad - ok
22:44:29.0390 0948 Sparrow - ok
22:44:29.0406 0948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:44:29.0406 0948 splitter - ok
22:44:29.0500 0948 sptd (1669769eb21ba54c217b2764a31b58d0) C:\WINDOWS\system32\Drivers\sptd.sys
22:44:29.0500 0948 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1669769eb21ba54c217b2764a31b58d0
22:44:29.0500 0948 sptd ( LockedFile.Multi.Generic ) - warning
22:44:29.0500 0948 sptd - detected LockedFile.Multi.Generic (1)
22:44:29.0515 0948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
22:44:29.0515 0948 sr - ok
22:44:29.0562 0948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:44:29.0578 0948 Srv - ok
22:44:29.0625 0948 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
22:44:29.0625 0948 SSKBFD - ok
22:44:29.0687 0948 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:44:29.0687 0948 StillCam - ok
22:44:29.0703 0948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:44:29.0718 0948 swenum - ok
22:44:29.0750 0948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:44:29.0750 0948 swmidi - ok
22:44:29.0781 0948 symc810 - ok
22:44:29.0796 0948 symc8xx - ok
22:44:29.0859 0948 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:44:29.0859 0948 SymEvent - ok
22:44:29.0875 0948 sym_hi - ok
22:44:29.0890 0948 sym_u3 - ok
22:44:29.0921 0948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:44:29.0921 0948 sysaudio - ok
22:44:30.0000 0948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:44:30.0015 0948 Tcpip - ok
22:44:30.0046 0948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:44:30.0046 0948 TDPIPE - ok
22:44:30.0078 0948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:44:30.0078 0948 TDTCP - ok
22:44:30.0109 0948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:44:30.0109 0948 TermDD - ok
22:44:30.0140 0948 TosIde - ok
22:44:30.0187 0948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:44:30.0187 0948 Udfs - ok
22:44:30.0234 0948 uliagpkx (67ab641cc203081780e8483faa959549) C:\WINDOWS\system32\DRIVERS\agpkx.sys
22:44:30.0234 0948 uliagpkx - ok
22:44:30.0250 0948 ultra - ok
22:44:30.0281 0948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:44:30.0296 0948 Update - ok
22:44:30.0328 0948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:44:30.0328 0948 usbehci - ok
22:44:30.0359 0948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:44:30.0359 0948 usbhub - ok
22:44:30.0375 0948 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:44:30.0375 0948 usbohci - ok
22:44:30.0406 0948 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
22:44:30.0406 0948 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
22:44:30.0406 0948 vaxscsi ( LockedFile.Multi.Generic ) - warning
22:44:30.0406 0948 vaxscsi - detected LockedFile.Multi.Generic (1)
22:44:30.0437 0948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:44:30.0437 0948 VgaSave - ok
22:44:30.0453 0948 ViaIde - ok
22:44:30.0468 0948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:44:30.0484 0948 VolSnap - ok
22:44:30.0531 0948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:44:30.0531 0948 Wanarp - ok
22:44:30.0593 0948 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:44:30.0593 0948 wanatw - ok
22:44:30.0609 0948 WDICA - ok
22:44:30.0640 0948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:44:30.0656 0948 wdmaud - ok
22:44:30.0765 0948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:44:30.0765 0948 WudfPf - ok
22:44:30.0796 0948 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:44:30.0796 0948 WudfRd - ok
22:44:30.0843 0948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:44:31.0015 0948 \Device\Harddisk0\DR0 - ok
22:44:31.0031 0948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:44:31.0187 0948 \Device\Harddisk1\DR1 - ok
22:44:31.0203 0948 Boot (0x1200) (48e13a6aaacad536e1ae907175eac47b) \Device\Harddisk0\DR0\Partition0
22:44:31.0203 0948 \Device\Harddisk0\DR0\Partition0 - ok
22:44:31.0250 0948 Boot (0x1200) (b0bace90a67378428fdc1cd3d096194e) \Device\Harddisk0\DR0\Partition1
22:44:31.0250 0948 \Device\Harddisk0\DR0\Partition1 - ok
22:44:31.0281 0948 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2
22:44:31.0281 0948 \Device\Harddisk0\DR0\Partition2 - ok
22:44:31.0281 0948 Boot (0x1200) (4e418a58d367408e286c4310b75e2d34) \Device\Harddisk1\DR1\Partition0
22:44:31.0281 0948 \Device\Harddisk1\DR1\Partition0 - ok
22:44:31.0281 0948 ============================================================
22:44:31.0281 0948 Scan finished
22:44:31.0296 0948 ============================================================
22:44:31.0312 0764 Detected object count: 4
22:44:31.0312 0764 Actual detected object count: 4
22:46:52.0046 0764 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\cdrom.sys) error 1813
22:46:53.0421 0764 Backup copy found, using it..
22:46:53.0421 0764 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
22:46:55.0046 0764 Cdrom ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
22:46:55.0046 0764 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
22:46:55.0046 0764 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
22:46:55.0062 0764 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:46:55.0062 0764 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:46:55.0062 0764 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
22:46:55.0062 0764 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
22:47:10.0468 2948 Deinitialize success
I tried to run ComboFix after this but I get the same warning message as earlier saying that it detected Norton Security Suite and asking me to disable it before clicking OK.
Post by: guestolo on January 14, 2012, 11:07:44 PM
Post by: ba5852 on January 14, 2012, 11:49:37 PM
ComboFix 12-01-13.05 - Bruce 01/14/2012 23:30:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.752 [GMT -5:00]
Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bruce\WINDOWS
c:\windows\$NtUninstallKB54814$
c:\windows\$NtUninstallKB54814$\1740983844\Desktop.ini
c:\windows\$NtUninstallKB54814$\1740983844\L\akygdmgo
c:\windows\$NtUninstallKB54814$\3673378331
c:\windows\alcrmv.exe
c:\windows\system32\install.exe
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET31A.tmp
.
c:\windows\system32\drivers\dtscsi.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
.
.
2012-01-14 14:46 . 2012-01-14 14:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 04:42 . 2012-01-14 05:23 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-01-14 03:43 . 2012-01-14 03:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-01-14 03:43 . 2012-01-14 03:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-13 21:49 . 2012-01-13 21:49 -------- d-----w- c:\documents and settings\Bruce\Application Data\Tific
2012-01-13 21:06 . 2012-01-13 21:06 -------- d-----w- c:\program files\Windows Sidebar
2012-01-13 20:40 . 2012-01-13 20:40 -------- d-----w- c:\windows\Internet Logs
2012-01-13 20:34 . 2012-01-13 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-01-13 20:32 . 2012-01-13 20:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2012-01-13 20:13 . 2012-01-13 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-01-13 20:13 . 2012-01-13 20:23 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\ID Vault
2012-01-13 20:11 . 2012-01-13 23:13 -------- d-----w- c:\documents and settings\Bruce\Application Data\ID Vault
2012-01-13 20:09 . 2012-01-13 23:13 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-01-13 20:08 . 2012-01-13 20:08 -------- d-----w- c:\program files\MSBuild
2012-01-13 20:06 . 2012-01-13 20:06 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-13 20:05 . 2012-01-13 20:05 -------- d-----w- c:\program files\Reference Assemblies
2012-01-13 20:05 . 2006-10-14 21:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-13 20:05 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-01-13 20:01 . 2012-01-13 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 03:48 . 2001-08-23 22:09 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-13 22:27 . 2006-07-03 14:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-13 22:27 . 2006-07-03 14:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 20:24 . 2010-01-02 13:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 20:22 . 2011-04-26 14:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-22 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-21 7110656]
"nwiz"="nwiz.exe" [2005-07-21 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-07-21 86016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-08-07 155648]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2007-05-22 207680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-03 77824]
"OCAudioIni"="c:\program files\One-click Audio Converter\OCAudioIni.exe" [2006-01-23 57344]
"HostManager"="c:\program files\Common Files\AOL\1228527480\ee\AOLSoftware.exe" [2008-06-24 41824]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-04-01 1647960]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-04-01 169312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-11-25 869376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\\Program Files\\America Online 9.0\\wEmail Removedexe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [7/2/2006 5:40 PM 51840]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/6/2006 10:01 AM 642560]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [7/2/2006 11:01 PM 45056]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [4/1/2008 1:46 PM 161120]
R3 Amps2prt;A4Tech PS/2 Port Mouse Filter Driver;c:\windows\system32\drivers\Amps2prt.sys [7/3/2006 10:19 AM 10195]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [8/6/2006 10:33 AM 223128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2012 4:06 PM 106104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [1/13/2012 11:42 PM 24064]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/14/2012 9:46 AM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-01-15 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-01-14 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-01-14 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll
HKLM-Run-WheelMouse - Amoumain.exe
SafeBoot-38145882.sys
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 23:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2012-01-14 23:44:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-15 04:44
.
Pre-Run: 80,458,866,688 bytes free
Post-Run: 80,410,353,664 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 92BCC7EA291BF945EF8B700F0E4B5C84
Post by: guestolo on January 15, 2012, 01:04:36 AM
A legit file from Alcohol 120 may have been removed
Can you do the following:
Download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.
Back in Windows
If possible, disable your AntiVirus scanner so it won't interrupt the next scan
Download and save to desktop the installer to Eset Online Scanner from here
[color="#0000FF"]esetsmartinstaller_enu.exe[/color] (http://"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe")
Double click on the file to run it, check YES to accept the agreement
Ensure "Remove Found Threats" and "Scan Archives" are both checked
Then click START>> It should now download virus signature database
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Post by: ba5852 on January 15, 2012, 11:01:26 AM
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I'll go ahead and follow your last instructions.
Post by: ba5852 on January 15, 2012, 01:18:23 PM
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4d342da963de634fa08a236829d7f3d5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-15 06:13:06
# local_time=2012-01-15 01:13:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9730 16764926 0 8 70165 63228839 0 0
# scanned=96210
# found=2
# cleaned=2
# scan_time=7309
C:\Documents and Settings\All Users\Documents\Torrent Downloads\Pinnacle Studio Plus v.10 Titanium Edition\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage CD1.ISO a variant of Win32/Keygen.AZ application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPQROPQR\searchit[1].htm JS/AdWare.SearchPage.A virus (deleted - quarantined) 00000000000000000000000000000000 C
Post by: guestolo on January 15, 2012, 01:29:26 PM
- Double click the aswMBR.exe to run it
- If prompted to download Avast AV free edition, simply select NO
- Click the "Scan" button to start the scan
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
In addition:
download Junction.zip and save it
- Unzip it and put junction.exe in the Windows directory (C:\Windows).
- Go to Start > Run, alternatively, press the Windows key + r Copy and paste the following command in the run box and click OK:
[color="#0000FF"]cmd /c junction -s c:\ >log.txt&log.txt& del log.txt[/color]
- A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the contents of it.
Post by: ba5852 on January 15, 2012, 01:41:44 PM
Run date: 2012-01-15 13:38:09
-----------------------------
13:38:09.015 OS Version: Windows 5.1.2600 Service Pack 3
13:38:09.015 Number of processors: 1 586 0x40A
13:38:09.015 ComputerName: AMD3300 UserName: Bruce
13:38:09.437 Initialize success
13:39:24.062 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
13:39:24.062 Disk 0 Vendor: Maxtor_32049H3 BAC51KJ0 Size: 19540MB BusType: 3
13:39:24.062 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\m52891Port2Path0Target0Lun0
13:39:24.062 Disk 1 Vendor: VT10 Size: 238475MB BusType: 1
13:39:24.062 Device \Driver\m5289 -> DriverStartIo SPTD1725.SYS f733640e
13:39:24.062 Device \Driver\m5289 -> MajorFunction 86f99e30
13:39:24.078 Disk 1 MBR read successfully
13:39:24.078 Disk 1 MBR scan
13:39:24.078 Disk 1 Windows XP default MBR code
13:39:24.078 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151801 MB offset 63
13:39:24.078 Disk 1 scanning sectors +310889880
13:39:24.125 Disk 1 scanning C:\WINDOWS\system32\drivers
13:39:29.312 Service scanning
13:39:29.609 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
13:39:30.250 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
13:39:30.265 Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
13:39:30.796 Modules scanning
13:39:44.765 Disk 1 trace - called modules:
13:39:44.781 ntkrnlpa.exe >>UNKNOWN [0x86f99b78]<<
13:39:44.781 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86f11ab8]
13:39:44.781 \Driver\Disk[0x86ec5940] -> IRP_MJ_CREATE -> 0x86f99b78
13:39:44.781 Scan finished successfully
13:40:17.843 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
13:40:17.843 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"
You didn't give me a link to Junction.zip so I was unable to download it.
Post by: guestolo on January 15, 2012, 01:50:00 PM
Quote
You didn't give me a link to Junction.zip so I was unable to download it.
Woops, sorry about that
Let's do the following instead please
Download [color="#FF0000"]AntiZeroAccess[/color] (http://"http://anywhere.webrootcloudav.com/antizeroaccess.exe")[/url] to Desktop
- Double click on AntiZeroAccess to run it
- Type y and press enter to run the scan
- Please attach the AntiZeroAccess_Log.txt log to your next message. This file is saved in the same location as AntiZeroAccess program.
Download [color="#0000FF"]Junction.zip (http://"http://download.sysinternals.com/Files/Junction.zip")[/color] and save it
- Unzip it and put junction.exe in the Windows directory (C:\Windows).
- Go to Start > Run, alternatively, press the Windows key + r Copy and paste the following command in the run box and click OK:
[color="#0000FF"]cmd /c junction -s c:\ >log.txt&log.txt& del log.txt[/color]
- A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the contents of it.
Post by: ba5852 on January 15, 2012, 02:01:05 PM
Execution time: 15/01/2012 - 14:00
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
14:00:33 - CheckSystem - Begin to check system...
14:00:33 - OpenRootDrive - Opening system root volume and physical drive....
14:00:33 - C Root Drive: Disk number: 1 Start sector: 0x0000003F Partition Size: 0x1287CD59 sectors.
14:00:33 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
14:00:33 - InstallAndStartDriver - Main driver was installed and now is running.
14:00:33 - CheckSystem - Warning! Disk class driver is INFECTED.
14:00:34 - CheckFile - Unable to read "dtscsi.sys" file. CreateFile last eror: 0x00000020.
14:00:35 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
14:00:35 - CheckFile - Unable to read "sptd1725.sys" file. CreateFile last eror: 0x00000020.
14:00:36 - CheckFile - Unable to read "vaxscsi.sys" file. CreateFile last eror: 0x00000020.
14:00:36 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
14:00:36 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
14:00:36 - Execution Ended!
Post by: ba5852 on January 15, 2012, 02:08:44 PM
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
...
...
...
...
.
Failed to open \\?\c:\\Documents and Settings\Bruce\Desktop\OTL.exe: Access is denied.
..
...
...
...
...
...
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
...
..
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied.
Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe: Access is denied.
.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
...
...
...
...
...
...
...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
...
...
...
...
...
...
...
.
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.
..
...
...
Post by: guestolo on January 15, 2012, 02:22:47 PM
Please download GrantPerms.zip (http://"http://download.bleepingcomputer.com/farbar/GrantPerms.zip") and save it to your desktop.
- Unzip the file and depending on the system run GrantPerms.exe
- Copy and paste the following in the quote box, don't include the word 'quote':
Quote
c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe
c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\\Qoobox\BackEnv
c:\\WINDOWS\system32\MRT.exe
- Click Unlock. When it is done click "OK".
- Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
Don't run a scan yet
Post by: ba5852 on January 15, 2012, 02:45:07 PM
Ran by Bruce (administrator) at 2012-01-15 14:45:18
===============================================
\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
\\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
\\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
\\?\c:\\Qoobox\BackEnv
Owner: BUILTIN\Administrators
DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)
\\?\c:\\WINDOWS\system32\MRT.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
Post by: guestolo on January 15, 2012, 02:49:30 PM
Quote
In addition, can you try opening Malwarebytes anti-malware now and let me know if it will open
Post by: ba5852 on January 15, 2012, 02:55:06 PM
The scan completed successfully and did not find anything.
Post by: guestolo on January 15, 2012, 03:00:27 PM
Wanted to make sure you updated before you ran it, and it might be a good idea to run
A Full system scan
Post the log afterwards
Post by: ba5852 on January 15, 2012, 04:21:31 PM
I found one item.
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.15.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bruce :: AMD3300 [administrator]
1/15/2012 3:05:58 PM
mbam-log-2012-01-15 (15-05-58).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267865
Time elapsed: 1 hour(s), 11 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
F:\WINDOWS\SYSTEM\HLINK.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
Post by: guestolo on January 15, 2012, 04:45:50 PM
and possibly if you had Daemon tools installed at one time, did you?
Can you delete your copy of TDSKiller.exe and also it's text file it made in the C:\ folder
Redownload it and run another scan and post the new log
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Keep me informed how things are now running please
Post by: ba5852 on January 15, 2012, 04:51:48 PM
I got the following error message:
Cannot delete OTL: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.
I just tried to delete it again now and it does the same thing.
Post by: ba5852 on January 15, 2012, 04:59:03 PM
I deleted TDSKiller and the associated .txt file and then redownloaded it.
This is the new .txt file
16:57:04.0468 2544 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
16:57:04.0796 2544 ============================================================
16:57:04.0796 2544 Current date / time: 2012/01/15 16:57:04.0796
16:57:04.0796 2544 SystemInfo:
16:57:04.0796 2544
16:57:04.0796 2544 OS Version: 5.1.2600 ServicePack: 3.0
16:57:04.0796 2544 Product type: Workstation
16:57:04.0796 2544 ComputerName: AMD3300
16:57:04.0796 2544 UserName: Bruce
16:57:04.0796 2544 Windows directory: C:\WINDOWS
16:57:04.0796 2544 System windows directory: C:\WINDOWS
16:57:04.0796 2544 Processor architecture: Intel x86
16:57:04.0796 2544 Number of processors: 1
16:57:04.0796 2544 Page size: 0x1000
16:57:04.0796 2544 Boot type: Normal boot
16:57:04.0796 2544 ============================================================
16:57:05.0218 2544 Drive \Device\Harddisk0\DR0 - Size: 0x4C54C7E00, SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:57:05.0250 2544 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2DC00, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000058
16:57:05.0421 2544 Initialize success
16:57:15.0875 2532 ============================================================
16:57:15.0875 2532 Scan started
16:57:15.0875 2532 Mode: Manual;
16:57:15.0875 2532 ============================================================
16:57:16.0062 2532 Abiosdsk - ok
16:57:16.0078 2532 abp480n5 - ok
16:57:16.0125 2532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:57:16.0125 2532 ACPI - ok
16:57:16.0171 2532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:57:16.0171 2532 ACPIEC - ok
16:57:16.0203 2532 adpu160m - ok
16:57:16.0234 2532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:57:16.0250 2532 aec - ok
16:57:16.0296 2532 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:57:16.0296 2532 AFD - ok
16:57:16.0312 2532 Aha154x - ok
16:57:16.0343 2532 aic78u2 - ok
16:57:16.0359 2532 aic78xx - ok
16:57:16.0468 2532 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:57:16.0500 2532 ALCXWDM - ok
16:57:16.0562 2532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:57:16.0562 2532 AliIde - ok
16:57:16.0609 2532 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:57:16.0609 2532 AmdK8 - ok
16:57:16.0656 2532 Amps2prt (8e14139857d820b54f27aa2ec24cddff) C:\WINDOWS\system32\Drivers\Amps2prt.sys
16:57:16.0656 2532 Amps2prt - ok
16:57:16.0671 2532 amsint - ok
16:57:16.0703 2532 asc - ok
16:57:16.0718 2532 asc3350p - ok
16:57:16.0750 2532 asc3550 - ok
16:57:16.0812 2532 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
16:57:16.0812 2532 ASCTRM - ok
16:57:16.0875 2532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:57:16.0875 2532 AsyncMac - ok
16:57:16.0906 2532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:57:16.0906 2532 atapi - ok
16:57:16.0937 2532 Atdisk - ok
16:57:16.0984 2532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:57:16.0984 2532 Atmarpc - ok
16:57:17.0031 2532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:57:17.0031 2532 audstub - ok
16:57:17.0093 2532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:57:17.0093 2532 Beep - ok
16:57:17.0109 2532 catchme - ok
16:57:17.0156 2532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:57:17.0156 2532 cbidf2k - ok
16:57:17.0171 2532 cd20xrnt - ok
16:57:17.0203 2532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:57:17.0203 2532 Cdaudio - ok
16:57:17.0218 2532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:57:17.0218 2532 Cdfs - ok
16:57:17.0265 2532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:57:17.0265 2532 Cdrom - ok
16:57:17.0281 2532 Changer - ok
16:57:17.0312 2532 CmdIde - ok
16:57:17.0343 2532 Cpqarray - ok
16:57:17.0359 2532 dac2w2k - ok
16:57:17.0390 2532 dac960nt - ok
16:57:17.0421 2532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:57:17.0421 2532 Disk - ok
16:57:17.0468 2532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:57:17.0484 2532 dmboot - ok
16:57:17.0515 2532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:57:17.0531 2532 dmio - ok
16:57:17.0546 2532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:57:17.0546 2532 dmload - ok
16:57:17.0578 2532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:57:17.0578 2532 DMusic - ok
16:57:17.0609 2532 dpti2o - ok
16:57:17.0640 2532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:57:17.0640 2532 drmkaud - ok
16:57:17.0687 2532 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
16:57:17.0687 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
16:57:17.0687 2532 dtscsi ( LockedFile.Multi.Generic ) - warning
16:57:17.0687 2532 dtscsi - detected LockedFile.Multi.Generic (1)
16:57:17.0796 2532 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:57:17.0796 2532 eeCtrl - ok
16:57:17.0828 2532 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:57:17.0828 2532 EraserUtilRebootDrv - ok
16:57:17.0890 2532 ET5Drv (57af1036880449056dd8adac9f2d1fe1) C:\WINDOWS\system32\Drivers\ET5Drv.sys
16:57:17.0890 2532 ET5Drv - ok
16:57:17.0937 2532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:57:17.0937 2532 Fastfat - ok
16:57:17.0953 2532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:57:17.0953 2532 Fdc - ok
16:57:17.0968 2532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:57:17.0984 2532 Fips - ok
16:57:18.0000 2532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:57:18.0000 2532 Flpydisk - ok
16:57:18.0031 2532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:57:18.0031 2532 FltMgr - ok
16:57:18.0062 2532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:57:18.0062 2532 Fs_Rec - ok
16:57:18.0078 2532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:57:18.0093 2532 Ftdisk - ok
16:57:18.0125 2532 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:57:18.0125 2532 gameenum - ok
16:57:18.0140 2532 gdrv (36cf9048cee590c13fa8f007d1cb45ff) C:\WINDOWS\gdrv.sys
16:57:18.0156 2532 gdrv - ok
16:57:18.0203 2532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:57:18.0203 2532 Gpc - ok
16:57:18.0265 2532 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
16:57:18.0281 2532 HCF_MSFT - ok
16:57:18.0328 2532 hpn - ok
16:57:18.0343 2532 hpt3xx - ok
16:57:18.0406 2532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:57:18.0406 2532 HTTP - ok
16:57:18.0437 2532 i2omgmt - ok
16:57:18.0453 2532 i2omp - ok
16:57:18.0484 2532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:57:18.0484 2532 i8042prt - ok
16:57:18.0515 2532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:57:18.0515 2532 Imapi - ok
16:57:18.0546 2532 ini910u - ok
16:57:18.0562 2532 IntelIde - ok
16:57:18.0593 2532 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:57:18.0609 2532 ip6fw - ok
16:57:18.0640 2532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:57:18.0640 2532 IpFilterDriver - ok
16:57:18.0671 2532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:57:18.0671 2532 IpInIp - ok
16:57:18.0703 2532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:57:18.0718 2532 IpNat - ok
16:57:18.0734 2532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:57:18.0750 2532 IPSec - ok
16:57:18.0781 2532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:57:18.0781 2532 IRENUM - ok
16:57:18.0812 2532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:57:18.0812 2532 isapnp - ok
16:57:18.0828 2532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:57:18.0843 2532 Kbdclass - ok
16:57:18.0875 2532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:57:18.0875 2532 kmixer - ok
16:57:18.0921 2532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:57:18.0921 2532 KSecDD - ok
16:57:18.0968 2532 Lavasoft Kernexplorer - ok
16:57:18.0984 2532 lbrtfdc - ok
16:57:19.0031 2532 m5289 (2424b13987360840b4bf4e5fb5a66d3f) C:\WINDOWS\system32\drivers\m5289.sys
16:57:19.0031 2532 m5289 - ok
16:57:19.0062 2532 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
16:57:19.0062 2532 mbamchameleon - ok
16:57:19.0093 2532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:57:19.0093 2532 mnmdd - ok
16:57:19.0140 2532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:57:19.0140 2532 Modem - ok
16:57:19.0203 2532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:57:19.0203 2532 Mouclass - ok
16:57:19.0234 2532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:57:19.0250 2532 MountMgr - ok
16:57:19.0250 2532 mraid35x - ok
16:57:19.0281 2532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:57:19.0281 2532 MRxDAV - ok
16:57:19.0343 2532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:57:19.0359 2532 MRxSmb - ok
16:57:19.0390 2532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:57:19.0390 2532 Msfs - ok
16:57:19.0421 2532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:57:19.0437 2532 MSKSSRV - ok
16:57:19.0453 2532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:57:19.0453 2532 MSPCLOCK - ok
16:57:19.0484 2532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:57:19.0484 2532 MSPQM - ok
16:57:19.0515 2532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:57:19.0515 2532 mssmbios - ok
16:57:19.0546 2532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:57:19.0546 2532 Mup - ok
16:57:19.0656 2532 NAVAP (70c4d2474833b6ef16342e5d33359ff6) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
16:57:19.0671 2532 NAVAP - ok
16:57:19.0687 2532 NAVAPEL (f81a56a1be2c0ea8c2ff320cd5dc9aad) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
16:57:19.0687 2532 NAVAPEL - ok
16:57:19.0734 2532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:57:19.0734 2532 NDIS - ok
16:57:19.0781 2532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:57:19.0796 2532 NdisTapi - ok
16:57:19.0812 2532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:57:19.0812 2532 Ndisuio - ok
16:57:19.0843 2532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:57:19.0843 2532 NdisWan - ok
16:57:19.0890 2532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:57:19.0890 2532 NDProxy - ok
16:57:19.0906 2532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:57:19.0906 2532 NetBIOS - ok
16:57:19.0937 2532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:57:19.0937 2532 NetBT - ok
16:57:19.0984 2532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:57:19.0984 2532 Npfs - ok
16:57:20.0031 2532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:57:20.0031 2532 Ntfs - ok
16:57:20.0062 2532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:57:20.0062 2532 Null - ok
16:57:20.0203 2532 nv (7fe3f1721856365c882dae13f3600223) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:57:20.0250 2532 nv - ok
16:57:20.0312 2532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:57:20.0312 2532 NwlnkFlt - ok
16:57:20.0328 2532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:57:20.0328 2532 NwlnkFwd - ok
16:57:20.0375 2532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:57:20.0375 2532 Parport - ok
16:57:20.0421 2532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:57:20.0421 2532 PartMgr - ok
16:57:20.0453 2532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:57:20.0453 2532 ParVdm - ok
16:57:20.0468 2532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:57:20.0468 2532 PCI - ok
16:57:20.0484 2532 PCIDump - ok
16:57:20.0500 2532 PCIIde - ok
16:57:20.0546 2532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:57:20.0546 2532 Pcmcia - ok
16:57:20.0562 2532 PDCOMP - ok
16:57:20.0593 2532 PDFRAME - ok
16:57:20.0609 2532 PDRELI - ok
16:57:20.0625 2532 PDRFRAME - ok
16:57:20.0640 2532 perc2 - ok
16:57:20.0671 2532 perc2hib - ok
16:57:20.0734 2532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:57:20.0734 2532 PptpMiniport - ok
16:57:20.0765 2532 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:57:20.0765 2532 Processor - ok
16:57:20.0781 2532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:57:20.0781 2532 PSched - ok
16:57:20.0812 2532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:57:20.0812 2532 Ptilink - ok
16:57:20.0828 2532 ql1080 - ok
16:57:20.0843 2532 Ql10wnt - ok
16:57:20.0859 2532 ql12160 - ok
16:57:20.0890 2532 ql1240 - ok
16:57:20.0906 2532 ql1280 - ok
16:57:20.0937 2532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:57:20.0953 2532 RasAcd - ok
16:57:20.0968 2532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:57:20.0968 2532 Rasl2tp - ok
16:57:21.0000 2532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:57:21.0000 2532 RasPppoe - ok
16:57:21.0015 2532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:57:21.0015 2532 Raspti - ok
16:57:21.0046 2532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:57:21.0046 2532 Rdbss - ok
16:57:21.0078 2532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:57:21.0078 2532 RDPCDD - ok
16:57:21.0109 2532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:57:21.0109 2532 rdpdr - ok
16:57:21.0171 2532 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:57:21.0171 2532 RDPWD - ok
16:57:21.0203 2532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:57:21.0218 2532 redbook - ok
16:57:21.0281 2532 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:57:21.0296 2532 RTL8023xp - ok
16:57:21.0343 2532 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:57:21.0343 2532 rtl8139 - ok
16:57:21.0437 2532 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:57:21.0437 2532 SASDIFSV - ok
16:57:21.0453 2532 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:57:21.0453 2532 SASKUTIL - ok
16:57:21.0515 2532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:57:21.0515 2532 Secdrv - ok
16:57:21.0562 2532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:57:21.0562 2532 serenum - ok
16:57:21.0593 2532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:57:21.0593 2532 Serial - ok
16:57:21.0656 2532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:57:21.0656 2532 Sfloppy - ok
16:57:21.0671 2532 Simbad - ok
16:57:21.0703 2532 Sparrow - ok
16:57:21.0718 2532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:57:21.0734 2532 splitter - ok
16:57:21.0812 2532 sptd (1669769eb21ba54c217b2764a31b58d0) C:\WINDOWS\system32\Drivers\sptd.sys
16:57:21.0812 2532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1669769eb21ba54c217b2764a31b58d0
16:57:21.0812 2532 sptd ( LockedFile.Multi.Generic ) - warning
16:57:21.0812 2532 sptd - detected LockedFile.Multi.Generic (1)
16:57:21.0843 2532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:57:21.0843 2532 sr - ok
16:57:21.0890 2532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:57:21.0906 2532 Srv - ok
16:57:21.0953 2532 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
16:57:21.0953 2532 SSKBFD - ok
16:57:22.0015 2532 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:57:22.0015 2532 StillCam - ok
16:57:22.0031 2532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:57:22.0046 2532 swenum - ok
16:57:22.0062 2532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:57:22.0078 2532 swmidi - ok
16:57:22.0093 2532 symc810 - ok
16:57:22.0125 2532 symc8xx - ok
16:57:22.0171 2532 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:57:22.0187 2532 SymEvent - ok
16:57:22.0203 2532 sym_hi - ok
16:57:22.0218 2532 sym_u3 - ok
16:57:22.0250 2532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:57:22.0250 2532 sysaudio - ok
16:57:22.0328 2532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:57:22.0328 2532 Tcpip - ok
16:57:22.0375 2532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:57:22.0375 2532 TDPIPE - ok
16:57:22.0390 2532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:57:22.0406 2532 TDTCP - ok
16:57:22.0437 2532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:57:22.0437 2532 TermDD - ok
16:57:22.0468 2532 TosIde - ok
16:57:22.0515 2532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:57:22.0515 2532 Udfs - ok
16:57:22.0562 2532 uliagpkx (67ab641cc203081780e8483faa959549) C:\WINDOWS\system32\DRIVERS\agpkx.sys
16:57:22.0562 2532 uliagpkx - ok
16:57:22.0593 2532 ultra - ok
16:57:22.0625 2532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:57:22.0625 2532 Update - ok
16:57:22.0687 2532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:57:22.0687 2532 usbehci - ok
16:57:22.0703 2532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:57:22.0703 2532 usbhub - ok
16:57:22.0734 2532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:57:22.0734 2532 usbohci - ok
16:57:22.0765 2532 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
16:57:22.0765 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
16:57:22.0765 2532 vaxscsi ( LockedFile.Multi.Generic ) - warning
16:57:22.0765 2532 vaxscsi - detected LockedFile.Multi.Generic (1)
16:57:22.0781 2532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:57:22.0796 2532 VgaSave - ok
16:57:22.0812 2532 ViaIde - ok
16:57:22.0828 2532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:57:22.0828 2532 VolSnap - ok
16:57:22.0875 2532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:57:22.0875 2532 Wanarp - ok
16:57:22.0921 2532 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:57:22.0937 2532 wanatw - ok
16:57:22.0953 2532 WDICA - ok
16:57:22.0984 2532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:57:22.0984 2532 wdmaud - ok
16:57:23.0093 2532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:57:23.0093 2532 WS2IFSL - ok
16:57:23.0187 2532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:57:23.0187 2532 WudfPf - ok
16:57:23.0203 2532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:57:23.0203 2532 WudfRd - ok
16:57:23.0265 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:57:23.0437 2532 \Device\Harddisk0\DR0 - ok
16:57:23.0453 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:57:23.0609 2532 \Device\Harddisk1\DR1 - ok
16:57:23.0625 2532 Boot (0x1200) (2314995e85f23b8fd554933192813196) \Device\Harddisk0\DR0\Partition0
16:57:23.0625 2532 \Device\Harddisk0\DR0\Partition0 - ok
16:57:23.0656 2532 Boot (0x1200) (b0bace90a67378428fdc1cd3d096194e) \Device\Harddisk0\DR0\Partition1
16:57:23.0656 2532 \Device\Harddisk0\DR0\Partition1 - ok
16:57:23.0687 2532 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2
16:57:23.0687 2532 \Device\Harddisk0\DR0\Partition2 - ok
16:57:23.0687 2532 Boot (0x1200) (4e418a58d367408e286c4310b75e2d34) \Device\Harddisk1\DR1\Partition0
16:57:23.0687 2532 \Device\Harddisk1\DR1\Partition0 - ok
16:57:23.0703 2532 ============================================================
16:57:23.0703 2532 Scan finished
16:57:23.0703 2532 ============================================================
16:57:23.0718 2552 Detected object count: 3
16:57:23.0718 2552 Actual detected object count: 3
16:57:35.0859 2552 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
Post by: guestolo on January 15, 2012, 04:59:30 PM
Thanks for the info, we'll deal with that in a bit
Post by: guestolo on January 15, 2012, 05:23:51 PM
Properly uninstall ComboFix
Go to START>>RUN
Copy/paste the next command and then hit OK
ComboFix /uninstall
follow the prompts
If you didn't uninstall Eset online scanner
delete (esetsmartinstaller_enu.exe)
navigate to Eset folder C:\Program Files\EsetOnlineScanner
and run the uninstaller
Go ahead and manually delete TDSSKiller and it's associated files/folder
delete DDS and it's reports
Delete Junction.zip and the file junction.exe in the Windows directory (C:\Windows)
Delete AntiZeroAccess and it's log
run GrantPerms.exe
Copy and paste the following in the quote box, don't include the word 'quote':
Quote
c:\\Documents and Settings\Bruce\Desktop\OTL.exe
Click Unlock. When it is done click "OK".
Then go ahead and delete OTL.exe and GrantPerms.exe and logs
Let's uninstall old outdated Java products, they are insecure and open to infections
Close down all browser windows and access Add and Remove Programs and uninstall the following
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Javaâ„¢ 6 Update 13
Javaâ„¢ 6 Update 3
Javaâ„¢ 6 Update 7
Don't reboot if prompted, just carry on removing all versions/updates
Afterwards:Download and save to desktop JavaRA from the following link
http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download
Extract to it's own folder
Open the folder and double click on JavaRa.exe
Choose 'English' then click "Select"
Under "Additional tasks" select the top 3 selections and also the bottom 2 selections
Then click GO
OK all the prompts, close the box afterwards
Ensure all browser windows are closed and choose "Remove older versions"
A log will open, you can just close it and delete JavaRa
In addition, remove
Viewpoint Media Player
It may of been preinstalled, or unintentionally installed
Reboot the computer
Back in Windows
Install the latest version of Sun Java from the following location:
http://www.java.com/en/download/index.jsp
Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
- Close all windows and double click on OTL.exe to run it
- Under "Extra Registry" ensure that 'Use Safelist' is selected
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
Post by: ba5852 on January 15, 2012, 07:15:49 PM
Here are the two logs you requested.
OTL logfile created on: 1/15/2012 7:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 281.27 Mb Available Physical Memory | 27.48% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.24 Gb Total Space | 75.06 Gb Free Space | 50.63% Space Free | Partition Type: NTFS
Drive F: | 6.29 Gb Total Space | 4.32 Gb Free Space | 68.70% Space Free | Partition Type: FAT32
Drive G: | 3.91 Gb Total Space | 0.27 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Computer Name: AMD3300 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/15 19:00:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/12/17 12:15:12 | 004,689,992 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/11/22 17:16:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1228527480\ee\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 13:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/01 13:46:08 | 001,647,960 | ---- | M] (Seagate) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2008/04/01 13:46:02 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2005/04/01 12:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/03/10 01:56:32 | 000,405,504 | ---- | M] (ALi Corporation) -- C:\Program Files\ULI5289\ALi5289.exe
PRC - [2004/12/22 04:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/21 11:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/12/11 18:41:52 | 000,139,264 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/15 18:14:21 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
MOD - [2012/01/15 18:13:58 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2012/01/15 18:13:52 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2012/01/15 18:13:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/15 18:13:33 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
MOD - [2012/01/15 18:13:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/15 18:12:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2012/01/15 18:12:34 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2012/01/15 18:10:29 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2012/01/15 18:07:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/15 18:07:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/15 18:07:10 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2012/01/15 18:07:00 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2012/01/15 18:06:43 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2012/01/15 18:06:39 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2012/01/15 18:06:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/15 18:06:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/15 18:06:28 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/15 18:06:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/15 18:05:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/15 18:05:31 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/01/15 18:05:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/15 17:44:17 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/01/15 17:44:17 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SystemWebsite removed for spammingntime.Serialization\3.0.0.0__b77a5c561934e089\SystemWebsite removed for spammingntime.Serialization.dll
MOD - [2012/01/15 17:44:16 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012/01/15 17:44:16 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/01/15 10:50:07 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012/01/15 10:50:06 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2011/12/17 12:15:16 | 000,091,720 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\WINDOWS\system32\EasyHook32.dll
MOD - [2006/08/06 12:52:25 | 000,110,592 | ---- | M] () -- C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
MOD - [2006/04/18 17:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002/07/30 10:33:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (WebrootSpySweeperService)
SRV - File not found [On_Demand | Stopped] -- -- (Norton AntiVirus Server)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (DefWatch)
SRV - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/04/01 13:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2005/04/01 12:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/04/21 11:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
========== Driver Services (SafeList) ==========
DRV - [2012/01/15 17:23:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/14 00:23:28 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/01/13 16:28:14 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/01/13 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120114.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/13 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120114.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/05/21 21:24:52 | 000,040,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2006/08/06 10:33:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/08/06 10:04:46 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/08/06 10:01:09 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/03 12:19:55 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/03 10:10:01 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2005/05/03 04:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agpkx.sys -- (uliagpkx)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/22 04:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/30 21:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2000/11/13 18:04:10 | 000,010,195 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps01152012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/15 17:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2012/01/15 17:22:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 15:22:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 18:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/01/15 10:39:13 | 000,000,000 | ---D | M]
[2009/12/11 16:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/04/25 21:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions
[2012/01/15 17:25:41 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2010/05/01 10:26:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/01/15 18:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/15 18:56:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/13 15:11:21 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WHITE SKY, INC\ID VAULT\XPCOM6
[2012/01/15 18:55:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/15 17:48:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/02 15:22:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/15 18:55:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 15:22:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2012/01/14 23:38:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe (ALi Corporation)
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe ()
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1228527480\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe (Streamware Development)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WheelMouse] Amoumain.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151899614577 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C667E55-A13A-427B-9BB2-9028CB4ACB7E}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/02 10:53:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/10 23:13:42 | 000,000,194 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2003/02/10 23:13:42 | 000,000,194 | ---- | M] () - F:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/15 19:00:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2012/01/15 18:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/15 18:55:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/15 18:55:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/15 18:55:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/15 18:55:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/15 18:55:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/15 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/15 18:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Desktop\JavaRa
[2012/01/15 18:17:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/15 17:23:27 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2012/01/15 17:23:27 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2012/01/15 17:23:26 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2012/01/15 17:23:26 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2012/01/15 17:23:26 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2012/01/15 17:23:26 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2012/01/15 17:23:25 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2012/01/15 17:23:25 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2012/01/15 17:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2012/01/15 17:19:48 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/01/15 17:19:48 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/01/15 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/15 17:19:39 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/01/15 17:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2012/01/15 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/01/15 17:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2012/01/15 17:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/15 17:11:27 | 000,025,232 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\gidv2.sys
[2012/01/15 17:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\GID
[2012/01/15 17:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\SFT
[2012/01/15 17:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\CallingID
[2012/01/15 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2012/01/15 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2012/01/15 17:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\xfin_portal
[2012/01/15 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\xfin_portal
[2012/01/15 13:36:23 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2012/01/15 12:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\Temp
[2012/01/15 11:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\A4Tech Hardware
[2012/01/15 11:02:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\TFC.exe
[2012/01/15 10:56:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/15 10:49:02 | 000,000,000 | ---D | C] -- C:\e59a1f2380de95b036bcbb9eef27
[2012/01/15 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/14 23:25:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/14 23:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/14 12:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Administrative Tools
[2012/01/14 12:58:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2012/01/13 16:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Tific
[2012/01/13 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/01/13 15:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/01/13 15:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/01/13 15:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\Symantec
[2012/01/13 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/01/13 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/01/13 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2012/01/13 15:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/01/13 15:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\ID Vault
[2012/01/13 15:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\ID Vault
[2012/01/13 15:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2012/01/13 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/13 15:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/01/13 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/01/13 15:05:12 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2012/01/13 15:03:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/01/13 15:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
========== Files - Modified Within 30 Days ==========
[2012/01/15 19:00:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2012/01/15 18:55:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/15 18:55:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/15 18:55:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/15 18:55:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/15 18:55:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/15 18:51:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 18:51:31 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/15 18:50:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 18:40:28 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\JavaRa.zip
[2012/01/15 18:09:14 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/15 18:05:40 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/15 18:05:40 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 18:00:25 | 000,724,242 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2012/01/15 18:00:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/15 17:30:40 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/01/15 17:23:30 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/01/15 17:23:30 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/01/15 17:23:30 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/01/15 17:23:30 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/15 17:19:10 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Norton Installation Files.lnk
[2012/01/15 17:09:39 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Constant Guard.lnk
[2012/01/15 15:34:48 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Norton_Removal_Tool.exe
[2012/01/15 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/15 13:40:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2012/01/15 13:36:40 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2012/01/15 12:56:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/15 11:02:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\TFC.exe
[2012/01/15 10:43:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word.lnk
[2012/01/15 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/14 23:58:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/14 23:38:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/14 23:25:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/14 20:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/14 12:58:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2012/01/14 00:23:28 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/13 22:38:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012/01/15 18:40:31 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\JavaRa.zip
[2012/01/15 18:07:43 | 000,115,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/01/15 17:29:32 | 000,724,242 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2012/01/15 17:23:27 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2012/01/15 17:23:26 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2012/01/15 17:23:26 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2012/01/15 17:23:26 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2012/01/15 17:23:26 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2012/01/15 17:23:26 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2012/01/15 17:23:26 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2012/01/15 17:23:26 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2012/01/15 17:23:26 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2012/01/15 17:23:25 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2012/01/15 17:23:25 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2012/01/15 17:23:25 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2012/01/15 17:23:25 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2012/01/15 17:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2012/01/15 17:22:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2012/01/15 17:19:48 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/01/15 17:19:48 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/15 17:19:45 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/01/15 17:19:10 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Norton Installation Files.lnk
[2012/01/15 17:09:39 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Constant Guard.lnk
[2012/01/15 15:34:50 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Norton_Removal_Tool.exe
[2012/01/15 13:40:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2012/01/15 10:39:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/14 23:25:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/14 23:25:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/13 23:42:26 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/13 22:38:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/04/27 21:48:39 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 08:19:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 08:19:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/06/12 16:32:16 | 000,104,456 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/24 15:21:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/02/24 15:19:58 | 000,000,048 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2008/04/02 21:23:37 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2007/03/22 15:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/11/28 11:03:43 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 14:15:30 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
[2006/08/06 13:02:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2006/08/06 12:52:35 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/08/06 12:52:35 | 000,036,104 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/08/06 10:33:00 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/08/06 10:04:46 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/08/06 10:01:09 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd1725.sys
[2006/07/11 23:11:08 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/11 21:56:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/11 21:56:33 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/07/03 15:20:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/03 15:20:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/07/03 13:34:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/03 12:21:08 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/07/03 10:48:12 | 000,003,104 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/03 10:48:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/03 10:10:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\gdrv.sys
[2006/07/03 09:06:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/07/02 23:11:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/07/02 23:05:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/07/02 23:02:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/07/02 23:02:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/07/02 23:02:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/07/02 23:02:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unM5289.exe
[2006/07/02 23:01:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnAGP.exe
[2006/07/02 10:55:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/02 10:51:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/02 06:43:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/02 06:42:45 | 000,181,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/20 20:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/03 22:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 22:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/07/30 10:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 17:09:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:09:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:09:38 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:09:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:09:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:09:38 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:09:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:09:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:09:38 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:09:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 17:09:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >
OTL Extras logfile created on: 1/15/2012 7:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 281.27 Mb Available Physical Memory | 27.48% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.24 Gb Total Space | 75.06 Gb Free Space | 50.63% Space Free | Partition Type: NTFS
Drive F: | 6.29 Gb Total Space | 4.32 Gb Free Space | 68.70% Space Free | Partition Type: FAT32
Drive G: | 3.91 Gb Total Space | 0.27 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Computer Name: AMD3300 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gigabyte\ET5\update.exe" = C:\Program Files\Gigabyte\ET5\update.exe:*:Enabled:ftptest -- ()
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\Bruce\Local Settings\temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Bruce\Local Settings\temp\7zS1.tmp&
Post by: guestolo on January 15, 2012, 07:26:13 PM
Does it seem to be functioning properly?
Are you having any problems?
Post by: ba5852 on January 15, 2012, 08:20:23 PM
I am having a problem trying to open Start/Settings/Control Panel/Add or Remove Programs. About an hour ago I timed it and it took 2 min 3 secs to populate the list of programs when I clicked on it. Now when I try, nothing happens at all.
I'm going to reboot and see if it continues.
Post by: guestolo on January 15, 2012, 08:39:47 PM
Quote
I'm going to reboot and see if it continues.
So what happened?
Post by: ba5852 on January 15, 2012, 08:52:50 PM
Maybe not a big deal, just seem longer than usual when you are sitting there waiting for 2 minutes.
I updated SuperAntiSpyware Free Edition but did not run a scan yet.
Still have a lot of files left over on desktop.
Attach
dds
Extras
JavaRa
MBR
OTL
TFC
Post by: guestolo on January 15, 2012, 08:56:50 PM
you can delete the rest
Why not run a scan with Superantispyware
Let me know how it comes back
Post by: ba5852 on January 15, 2012, 09:00:36 PM
Post by: ba5852 on January 15, 2012, 10:24:25 PM
Trojan.Agent/Gen-Autorun[Swisyn]
Trojan.Agent/Gen-Wapomi
Trojan.Dropper/UserInit-Fake
After reviewing the associated files I think these were false positives.
_____________________________________________________
Log from SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/07/2011 at 05:09 PM
Application Version : 4.52.1000
Core Rules Database Version : 7011
Trace Rules Database Version: 4823
Scan type : Complete Scan
Total Scan Time : 00:51:24
Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 5843
Registry threats detected : 0
File items scanned : 41045
File threats detected : 94
Adware.Tracking Cookie
.doubleclick.net [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
.fastclick.net [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
.fastclick.net [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
.fastclick.net [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
statse.webtrendslive.com [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
statse.webtrendslive.com [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
statse.webtrendslive.com [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
statse.webtrendslive.com [ F:\WINDOWS\Application Data\Mozilla\Profiles\default\hech2bwu.slt\cookies.txt ]
F:\WINDOWS\Cookies\administrator@atwola[1].txt
.atdmt.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.overture.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.overture.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.revsci.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.revsci.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.2o7.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.apmebf.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.apmebf.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.atwola.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.edgeWebsite removed for spamming4.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.goclick.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.insightexpressai.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.insightexpressai.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.insightexpressai.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.insightexpressai.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.insightexpressai.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.maxserving.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.nextag.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.nextag.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.pathfinder.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.perf.overture.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.qksrv.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.realmedia.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.serving-sys.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.serving-sys.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.serving-sys.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.serving-sys.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.statcounter.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.techtracker.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.tribalfusion.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.versiontracker.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.z1.adserver.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.z1.adserver.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
.zedo.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
ads.specificpop.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
bs.serving-sys.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
citi.bridgetrack.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
citi.bridgetrack.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
rightmedia.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
rightmedia.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
rightmedia.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
server.iad.liveperson.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
server.iad.liveperson.net [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
www.addfreestats.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
www2.addfreestats.com [ G:\Documents and Settings\Administrator\Application Data\Mozilla\Users50\default\lkpeyjma.slt\cookies.txt ]
G:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
G:\Documents and Settings\Administrator\Cookies\administrator@superstats[1].txt
G:\Documents and Settings\Administrator\Cookies\administrator@insightfirst[1].txt
G:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
G:\Documents and Settings\Administrator\Cookies\administrator@myaccount[1].txt
.freefind.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
hc2.humanclick.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.doubleclick.net [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.mediaplex.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.fastclick.net [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.advertising.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.mediaplex.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.atdmt.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.bluestreak.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.overture.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
citi.bridgetrack.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.tribalfusion.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.stockbanners.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.bizrate.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.bizrate.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.hitbox.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
statse.webtrendslive.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
hc2.humanclick.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
www.qksrv.net [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.valueclick.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.edgeWebsite removed for spamming4.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
.edgeWebsite removed for spamming4.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
statse.webtrendslive.com [ G:\Documents and Settings\administrator.HOME\Application Data\Mozilla\Profiles\default\809q98wd.slt\cookies.txt ]
Post by: guestolo on January 15, 2012, 10:52:00 PM
Open the processes tab
Leave this window open
Open Add/Remove programs in control panel
What does the CPU % climb to, what is using the most Memory Useage?
Post by: ba5852 on January 15, 2012, 10:59:15 PM
rundll32.exe is using anywhere from 81% to 98% of the CPU
Post by: guestolo on January 15, 2012, 11:07:10 PM
Does it still take a couple minutes to open Add/Remove Programs?
Can you untick "Show Updates"
Close add/remove then reopen, how long does it take
What are the top 5 processes using the most memory useage?
Post by: ba5852 on January 15, 2012, 11:17:42 PM
Show Updates was not checked.
Watching Task Manager I did not see any process use more than 11% of CPU. Most of the time largest process were only using 2% to 5% of the CPU.
I did get a pop-up message from Norton stating that there was excessive CPU usage by rundll32.exe. That has popped up each time.
Post by: guestolo on January 15, 2012, 11:45:21 PM
Let's try a clean boot of the machine, see how you look
Perform a Clean boot of XP
Step 1: Start the System Configuration Utility
Click Start, click Run, type [color="#FF0000"]msconfig[/color], and then click OK.
The System Configuration Utility dialog box is displayed.
Step 2: Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.
When you logon back to Windows, you should get a System config prompt, you can simply click to select the Don't show this message box
How long does it take to open Add/Remove?
How do things run in General?
Post by: ba5852 on January 16, 2012, 12:07:17 AM
firefox.exe 73,356K
explorer.exe 31,396K
svchost.exe 25,360K
ccsvchst.exe 11,048K
ccsvchst.exe 10,244K
In step 2 of your list, when I went to click OK I got the following message:
An Access Denied was returned while attempting to change a service.
You may need to log on using an Administrator account to make the specified changes.
When I rebooted it wanted me to choose Normal Startup but I didn't and it gave me the same message again.
Post by: guestolo on January 16, 2012, 12:31:59 AM
Are most NON Microsoft Services and Startup items disabled?
If so, try running add/remove,etc... let me know how things are running
Post by: ba5852 on January 16, 2012, 12:38:47 AM
I ran several of the programs on the computer and they all seemed to run okay.
Browsers are loading fast.
Add Remove still takes 2 minutes to populate list.
It's 12:40 AM here. I'm going to call it a night.
Post by: guestolo on January 16, 2012, 12:46:54 AM
Go back to MSCONFIG
Don't worry about disabling any of the Services
But disable the startup entries
Ensure to OK it
Restart the computer then try add/remove
Post by: ba5852 on January 16, 2012, 11:12:59 AM
It opens and lets me appear to make changes like
disabling startup items (all the check marks disappear) but
when I click either Apply or OK I get an error message.
An Access Denied was returned while attempting to change a service.
You may need to log on using an Administrator account to make the specified changes.
Right now I set everything back to Normal Startup with all startup items enabled but it is not
booting correctly. I normally have about 6 or 7 icons appear on the task bar as booting progresses.
Right now I only have 3 icons.
Norton Security Suite
Sound Manager
Constant Guard
Post by: guestolo on January 16, 2012, 12:45:42 PM
Enable everything we disabled in msconfig except for Startup entries
Restart back to Normal Windows
How is add/remove?
Post by: ba5852 on January 16, 2012, 02:10:29 PM
I did what you asked. Add Remove took 1:56 to populate.
Post by: guestolo on January 16, 2012, 02:25:28 PM
I tried a trial version in a Virtual machine and received the same errors
Anyways, can you do the following for me please
Run a Scan and save logfile with Hijackthis and post it's log
If you don't have Hijackthis, here's a link to explain
http://www.thetechguide.com/forum/index.php?showtopic=22942
Post by: ba5852 on January 16, 2012, 02:31:12 PM
Scan saved at 2:31:56 PM, on 1/16/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1228527480\ee\AOLSoftware.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OCAudioIni] "C:\Program Files\One-click Audio Converter\OCAudioIni.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1228527480\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [ALi5289] "C:\Program Files\ULI5289\ALi5289.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151899614577
O17 - HKLM\System\CS3\Services\Tcpip\..\{4C667E55-A13A-427B-9BB2-9028CB4ACB7E}: NameServer = 68.87.74.162,68.87.68.162
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GIDLogonXP - GIDLogonXP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (file missing)
--
End of file - 9051 bytes
Post by: ba5852 on January 16, 2012, 02:32:30 PM
Post by: guestolo on January 16, 2012, 02:43:31 PM
Simply clicking OK to the error messages and continued the settings still stuck
I eventually was prompted to reboot
Anyways, I'm going to assume that with all your startup entries
And having NIS and Constant Guard going, your resources are being close to peaked
I was hoping to at least have you disable these items in msconfig
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reboot and try add/remove
Post by: ba5852 on January 16, 2012, 03:55:21 PM
Everything else seems to be working fine. I think I may be just expecting too
much out of this machine. It's only running a single core AMD Athlon 64 3300+ processor with 1GB of RAM.
I won't be here for about 5 hours, will finish up when I return.
Still have OTL and HiJackThis on desktop but didn't want to remove them until we were finished.
Post by: guestolo on January 16, 2012, 04:33:46 PM
We can leave it be, as you appear clean now, or try alternative software and see if we can get you running
a bit more efficient
I see the following from OTL
1023.48 Mb Total Physical Memory | 281.27 Mb Available Physical Memory | 27.48% Memory free
27.48% free memory, without doing much on your computer
It's up to you, let me know what you would like to try
I'm out of here for a few hours myself, I'll check back later
Post by: ba5852 on January 16, 2012, 11:08:14 PM
It's running XP, AMD Athalon 64 3200+ processor at 2.2GHz with 2 GB RAM
Using Norton Antivirus Corporate Edition 10
Zone Alarm ver 9
Task Manager show approximately 56% of RAM available
Add Remove took 7 seconds to populate list.
Everything else runs pretty fast. Add Remove is the only program
really dragging. Could a virus have affected run32dll.exe?
Post by: guestolo on January 16, 2012, 11:35:24 PM
After everything loads, try opening Add/Remove programs
How long does it take to populate?
I won't be on to much longer tonight, I'll check back tomorrow
Post by: ba5852 on January 17, 2012, 09:35:37 AM
Available memory about 80%
Memory used by run32dll.exe about 6 MB
CPU used by run32dll.exe up to 93%
Post by: guestolo on January 17, 2012, 12:25:43 PM
Your option to leave what you have installed or try alternatives
Anyways, you could still try the following
See if it makes any difference
Have your Windows XP CD ready, in case your asked for it
Go to START>>RUN>>Type in
sfc /scannow
Note the single space after sfc
Hit Enter, this will check your system for corrupt/missing files
When it's done reboot the computer
Back in Windows: download and save to desktop
Dial-A-Fix from the following location
[color="#0000FF"]Click HERE[/color] (http://"http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip")
After you have it saved to desktop, Extract the folder within to your desktop
Open the Dial-A-Fix folder and double click on DialaFix.exe icon
Don't worry if you get an "Unable to determine your version of IE....." message, and it goes on asking to email them, just ignore it
and click OK
Click on the TOOLS (the hammer icon) on the bottom, then highlight "Flush DNS"
Hit GO>>OK the prompt
Then select "Repair Permissions" and hit GO
Verify running secedit.exe>>you may be prompted twice
When done, click the CLOSE button once on bottom right
Select the [color="#00FF00"]GREEN[/color] check, this will select all options
Then hit the GO
Verify that your Date/time is correct, click OK to continue
You will eventually get to the point of it Registering >> Explorer/IE/OE/Shell/WMP
and more than likely get about 12 error messages as eg...
"Error 127, etc, etc,etc....."
Again, ignore those error messages by click OK
When Dial-A-Fix is complete, click EXIT
Open MyComputer and right click on your C: drive
Select Properties>>TOOLS>>"Check Now" under 'Error Checking'
Select both options then click START
You should be prompted to schedule to run on startup, OK this and reboot your computer
Error checking should start on startup, this can take awhile, let it finish
Back in Windows
You can run error checking on your other drives in MyComputer, you won't be prompted to run on startup
When done, run Disk Defragmenter tool on your drives
Located in START>>All Programs>>Accessories>>System tools>>Disk Defragmenter
When done, reboot one last time
See if that is any help
Post by: ba5852 on January 18, 2012, 12:35:25 AM
I'll try your suggestions Wednesday morning.
Post by: ba5852 on January 18, 2012, 12:52:12 PM
I did check Add Remove after each step on your list.
It was running at about 2 minutes each time until after I ran error checking on the C: drive.
No errors popped up while running error checking but it must have fixed some problem
that the drive was having.
Post by: guestolo on January 18, 2012, 02:00:59 PM
My linux box does it's own kind of check auto every 30 startups
If everything is running fine
Go ahead and delete dial-a-fix
Java installs a Quick Starter service after every update to run on startup, it really isn't necessary
You can disable it, your option
In Windows Control Panel, open the Java icon
Click on the ADVANCED tab>>Miscellaneous and uncheck Quick Starter
apply>Ok it
You should reboot to set it, but instead do the following
To properly remove OTL.exe, double click to run it and click the CLEANUP button
When it's done, it should prompt to reboot your computer
That should do it
Post by: ba5852 on January 19, 2012, 11:27:11 AM
Thanks you very much for all your help. That's two times now you have gotten me out of a jam.
I will be making a donation.
Thanks again.
Post by: guestolo on January 19, 2012, 03:52:08 PM
I think we have you all wrapped up here so I'll lock this topic
Take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />