Trojan Gen 2 Detected by norton, manual removal needed


  • This topic is locked

#1
dannyshipp

Hello, my issue is relating to Trojan Gen 2 risk found during a Norton security scan.

My OS is Windows Vista
I have Norton's internet 360 installed
After the scan I received a prompt saying manual removal is needed
I have tried the Norton Power Eraser which didn't succeed

My desktop PC is running slowly with intermittent wifi connection issues (wifi may not solely be down to the trojan, could be ISP)

Your help / guidance would be most welcome

OTL logfile created on: 27/07/2011 19:07:01 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Shipp Family\Favorites\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.29 Gb Available Physical Memory | 14.54% Memory free
4.23 Gb Paging File | 2.11 Gb Available in Paging File | 49.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.05 Gb Total Space | 19.85 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive D: | 607.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHIPPFAMILY-PC | User Name: Shipp Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 19:04:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Shipp Family\Favorites\Downloads\OTL.exe
PRC - [2011/07/02 10:47:58 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/22 10:05:18 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2010/02/02 10:13:54 | 000,144,656 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFUN.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/02/21 23:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/16 17:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 17:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 15:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2006/12/22 11:45:00 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE
PRC - [2005/08/24 14:06:54 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
PRC - [2005/08/24 14:00:28 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 19:04:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Shipp Family\Favorites\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/02/02 10:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/28 16:03:22 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 23:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/22 09:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/06/11 15:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2005/08/24 14:00:28 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Running] -- -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Running] -- -- (TfNetMon)
DRV - File not found [Kernel | Boot | Running] -- -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Running] -- -- (pctgntdi)
DRV - File not found [Kernel | Disabled | Running] -- -- (PCTCore)
DRV - [2011/05/26 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110727.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/26 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110727.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 11:30:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/15 19:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110720.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/17 12:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 07:50:44 | 000,164,864 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/09 19:04:47 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/23 11:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagpx.sys -- (SISAGP)
DRV - [2008/02/01 02:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 02:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 02:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/18 09:44:12 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ioatdma.sys -- (ioatdma) Intel®
DRV - [2008/01/17 11:52:24 | 000,134,688 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/17 11:52:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/02 19:53:02 | 000,220,696 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel®
DRV - [2007/08/30 13:27:08 | 000,043,008 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/08/30 13:27:08 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgogo.sys -- (JGOGO)
DRV - [2007/08/09 01:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/09 10:40:20 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2007/07/07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/24 12:27:54 | 000,074,800 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\si3132.sys -- (SI3132)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/03/20 15:59:00 | 000,049,664 | ---- | M] (Winbond Electronics Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wbondir.sys -- (wbondir)
DRV - [2007/01/31 03:10:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esd7sk.sys -- (ESDCR)
DRV - [2007/01/31 03:10:10 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esm7sk.sys -- (ESMCR)
DRV - [2007/01/31 03:10:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ems7sk.sys -- (EMSCR)
DRV - [2007/01/30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\si3531.sys -- (Si3531)
DRV - [2006/12/22 11:44:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2006/10/19 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/10/18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siremfil.sys -- (SiRemFil)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/12/19 18:15:44 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005/11/14 14:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005/08/24 13:53:46 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/08/24 13:51:10 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 13:49:12 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2005/08/24 13:48:38 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/24 13:45:46 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siwinacc.sys -- (SiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)


[2009/07/17 13:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipp Family\AppData\Roaming\Mozilla\Extensions
[2009/07/17 13:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipp Family\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BigDogPath] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\Windows\System32\RtlGina2.dll ()
O24 - Desktop WallPaper: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/04/18 15:37:30 | 000,000,025 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c4cee438-4ecb-11df-b31e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cee438-4ecb-11df-b31e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007/07/16 17:53:59 | 000,303,792 | R--- | M] ( )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\AppData\Local\NPE
[2011/07/26 23:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/07/26 23:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/26 23:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/26 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\Desktop\Downloads
[2011/07/26 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\AppData\Roaming\GetRightToGo
[2011/07/15 17:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 3500-4500 Series
[2011/07/15 17:37:07 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2011/07/15 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/06/07 21:19:02 | 000,106,496 | ---- | C] ( ) -- C:\Windows\System32\VM_1.dll
[2007/06/11 16:14:54 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/06/11 16:14:52 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/06/11 16:14:50 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2007/05/17 17:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 17:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 17:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 17:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 17:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 16:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 16:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 16:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 16:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 16:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 16:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Shipp Family\AppData\Local\*.tmp files -> C:\Users\Shipp Family\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 19:09:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 18:48:56 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/27 18:48:56 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/27 18:37:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 18:09:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/27 18:00:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Shipp Family.job
[2011/07/27 17:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/27 17:58:55 | 2146,512,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/26 23:59:34 | 000,000,724 | ---- | M] () -- C:\Users\Shipp Family\AppData\Roaming\SMRResults200.dat
[2011/07/26 23:50:30 | 000,138,240 | ---- | M] () -- C:\Users\Shipp Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 23:31:55 | 015,437,911 | ---- | M] () -- C:\Users\Shipp Family\AppData\Roaming\SMRBackup200.dat
[2011/07/22 20:51:51 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/22 20:51:51 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/16 11:48:11 | 000,008,279 | ---- | M] () -- C:\ProgramData\lxdi
[2011/07/15 17:40:52 | 000,098,137 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/07/15 17:38:50 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2011/07/14 08:05:53 | 000,372,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/04 10:46:58 | 000,000,104 | ---- | M] () -- C:\Users\Shipp Family\Desktop\Recycle Bin.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Shipp Family\AppData\Local\*.tmp files -> C:\Users\Shipp Family\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 23:59:20 | 000,000,724 | ---- | C] () -- C:\Users\Shipp Family\AppData\Roaming\SMRResults200.dat
[2011/07/26 23:31:04 | 015,437,911 | ---- | C] () -- C:\Users\Shipp Family\AppData\Roaming\SMRBackup200.dat
[2011/07/15 17:38:50 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2011/07/15 17:37:11 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2011/07/15 17:37:07 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2011/07/04 10:46:58 | 000,000,104 | ---- | C] () -- C:\Users\Shipp Family\Desktop\Recycle Bin.lnk
[2011/06/05 10:22:16 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/05 10:22:16 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/26 12:13:08 | 000,000,000 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\{9989FCCA-6195-47D4-8B0D-0E153E77D5CF}
[2010/10/30 13:20:27 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/04/23 13:21:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/23 13:12:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/04/23 13:08:40 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/23 13:08:40 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/23 13:08:40 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/23 13:08:39 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/23 13:02:32 | 000,025,581 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/04/23 13:02:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/23 13:01:55 | 000,018,897 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/11/22 15:41:09 | 000,145,214 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/22 15:41:07 | 000,145,214 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/24 08:03:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 08:03:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/17 19:43:59 | 000,000,001 | ---- | C] () -- C:\Windows\ectbbyn.dat
[2009/08/17 19:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\ex1234.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 15:45:14 | 000,085,733 | ---- | C] () -- C:\Windows\System32\c4a4bb67-2761-6d57-983c-46a232d6c136.exe
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/02/22 20:46:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/23 20:16:56 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/01/23 20:16:56 | 000,172,032 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/01/23 20:16:32 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2009/01/13 09:52:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/11/09 12:23:31 | 000,000,800 | ---- | C] () -- C:\Windows\disney.ini
[2008/10/01 15:53:22 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/09/29 17:33:52 | 000,008,279 | ---- | C] () -- C:\ProgramData\lxdi
[2008/09/28 15:28:06 | 000,002,985 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/09/14 08:52:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/28 07:51:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/06 19:07:37 | 000,001,356 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\d3d9caps.dat
[2008/07/13 10:43:15 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/07/12 19:32:39 | 000,138,240 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 12:49:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/12 12:36:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/07/12 12:36:24 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/07/12 12:36:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/07/12 12:36:04 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/06/10 15:30:05 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/06/10 15:29:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/22 09:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/30 16:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,372,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 07:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2006/05/03 17:44:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\RtlGina2.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005/08/24 13:56:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/07/24 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Azureus
[2010/01/06 19:54:24 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/07/26 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\GetRightToGo
[2010/07/23 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Lexmark Productivity Studio
[2009/08/22 14:36:42 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\LG Electronics
[2010/10/01 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Oberon Media
[2008/09/29 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\uTorrent
[2010/11/17 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Windows Live Writer
[2011/07/26 23:58:10 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:322EAACD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Edited by dannyshipp, 27 July 2011 - 12:23 PM.



#2
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, dannyshipp! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



I can see a few files that could do with being removed, in the OTL log. If you could run through the two steps below for me please, then get back to me with the logs :yes:

Could you let me know the location of the file that Norton is not removing please.



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    [2009/08/17 19:43:59 | 000,000,001 | ---- | C] () -- C:\Windows\ectbbyn.dat
    [2009/08/17 19:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\ex1234.dat
    [2009/06/14 15:45:14 | 000,085,733 | ---- | C] () -- C:\Windows\System32\c4a4bb67-2761-6d57-983c-46a232d6c136.exe
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.



On completion of the scan click save log, save it to your desktop and post it in your next reply.





In your next reply
Please post the contents of...
OTL log
aswMBR log
Location of file Norton is detecting


#3
dannyshipp


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hope this is the info you're after:

Your help is massively appreciated BlackOxide

Please let me know if I have to re-do any scans

Kind regards
Dan

Norton File Location:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab
OTL Log:
OTL logfile created on: 29/07/2011 18:38:55 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Shipp Family\Favorites\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.41% Memory free
4.23 Gb Paging File | 3.24 Gb Available in Paging File | 76.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.05 Gb Total Space | 18.47 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
Drive D: | 607.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHIPPFAMILY-PC | User Name: Shipp Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 19:04:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Shipp Family\Favorites\Downloads\OTL.exe
PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/02/21 23:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/16 17:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 17:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 15:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2006/12/22 11:45:00 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE
PRC - [2005/08/24 14:06:54 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
PRC - [2005/08/24 14:00:28 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 19:04:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Shipp Family\Favorites\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ThreatFire)
SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/28 16:03:22 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 23:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/22 09:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/06/11 15:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2005/08/24 14:00:28 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/26 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110728.051\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/26 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110728.051\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/15 19:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110726.002\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/17 12:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/05/25 07:50:44 | 000,164,864 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/09 19:04:47 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/23 11:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagpx.sys -- (SISAGP)
DRV - [2008/02/01 02:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 02:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 02:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/18 09:44:12 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ioatdma.sys -- (ioatdma) Intel®
DRV - [2008/01/17 11:52:24 | 000,134,688 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/17 11:52:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/02 19:53:02 | 000,220,696 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel®
DRV - [2007/08/30 13:27:08 | 000,043,008 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/08/30 13:27:08 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgogo.sys -- (JGOGO)
DRV - [2007/08/09 01:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/09 10:40:20 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2007/07/07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/24 12:27:54 | 000,074,800 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\si3132.sys -- (SI3132)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/03/20 15:59:00 | 000,049,664 | ---- | M] (Winbond Electronics Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wbondir.sys -- (wbondir)
DRV - [2007/01/31 03:10:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esd7sk.sys -- (ESDCR)
DRV - [2007/01/31 03:10:10 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esm7sk.sys -- (ESMCR)
DRV - [2007/01/31 03:10:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ems7sk.sys -- (EMSCR)
DRV - [2007/01/30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\si3531.sys -- (Si3531)
DRV - [2006/12/22 11:44:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2006/10/19 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/10/18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siremfil.sys -- (SiRemFil)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/12/19 18:15:44 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005/11/14 14:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005/08/24 13:53:46 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/08/24 13:51:10 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 13:49:12 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2005/08/24 13:48:38 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/24 13:45:46 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siwinacc.sys -- (SiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)


[2009/07/17 13:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipp Family\AppData\Roaming\Mozilla\Extensions
[2009/07/17 13:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipp Family\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BigDogPath] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\Windows\System32\RtlGina2.dll ()
O24 - Desktop WallPaper: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shipp Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/04/18 15:37:30 | 000,000,025 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c4cee438-4ecb-11df-b31e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cee438-4ecb-11df-b31e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007/07/16 17:53:59 | 000,303,792 | R--- | M] ( )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 18:25:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/26 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\AppData\Local\NPE
[2011/07/26 23:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/26 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\Desktop\Downloads
[2011/07/26 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Shipp Family\AppData\Roaming\GetRightToGo
[2011/07/15 17:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 3500-4500 Series
[2011/07/15 17:37:07 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2011/07/15 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/06/07 21:19:02 | 000,106,496 | ---- | C] ( ) -- C:\Windows\System32\VM_1.dll
[2007/06/11 16:14:54 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/06/11 16:14:52 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/06/11 16:14:50 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2007/05/17 17:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 17:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 17:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 17:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 17:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 16:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 16:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 16:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 16:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 16:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 16:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Shipp Family\AppData\Local\*.tmp files -> C:\Users\Shipp Family\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/29 18:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 18:36:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 18:30:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/29 18:28:15 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 18:28:13 | 000,004,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 18:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/29 18:28:00 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/29 18:00:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Shipp Family.job
[2011/07/26 23:59:34 | 000,000,724 | ---- | M] () -- C:\Users\Shipp Family\AppData\Roaming\SMRResults200.dat
[2011/07/26 23:50:30 | 000,138,240 | ---- | M] () -- C:\Users\Shipp Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 23:31:55 | 015,437,911 | ---- | M] () -- C:\Users\Shipp Family\AppData\Roaming\SMRBackup200.dat
[2011/07/22 20:51:51 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/22 20:51:51 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/16 11:48:11 | 000,008,279 | ---- | M] () -- C:\ProgramData\lxdi
[2011/07/15 17:40:52 | 000,098,137 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/07/15 17:38:50 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2011/07/14 08:05:53 | 000,372,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/04 10:46:58 | 000,000,104 | ---- | M] () -- C:\Users\Shipp Family\Desktop\Recycle Bin.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Shipp Family\AppData\Local\*.tmp files -> C:\Users\Shipp Family\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 23:59:20 | 000,000,724 | ---- | C] () -- C:\Users\Shipp Family\AppData\Roaming\SMRResults200.dat
[2011/07/26 23:31:04 | 015,437,911 | ---- | C] () -- C:\Users\Shipp Family\AppData\Roaming\SMRBackup200.dat
[2011/07/15 17:38:50 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2011/07/15 17:37:11 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2011/07/15 17:37:07 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2011/07/04 10:46:58 | 000,000,104 | ---- | C] () -- C:\Users\Shipp Family\Desktop\Recycle Bin.lnk
[2011/06/05 10:22:16 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/05 10:22:16 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/26 12:13:08 | 000,000,000 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\{9989FCCA-6195-47D4-8B0D-0E153E77D5CF}
[2010/10/30 13:20:27 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/04/23 13:21:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/23 13:12:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/04/23 13:08:40 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/23 13:08:40 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/23 13:08:40 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/23 13:08:39 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/23 13:02:32 | 000,025,581 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/04/23 13:02:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/04/23 13:01:55 | 000,018,897 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/11/22 15:41:09 | 000,145,214 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/22 15:41:07 | 000,145,214 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/24 08:03:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 08:03:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/17 19:43:59 | 000,000,001 | ---- | C] () -- C:\Windows\ectbbyn.dat
[2009/08/17 19:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\ex1234.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 15:45:14 | 000,085,733 | ---- | C] () -- C:\Windows\System32\c4a4bb67-2761-6d57-983c-46a232d6c136.exe
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/02/22 20:46:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/23 20:16:56 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/01/23 20:16:56 | 000,172,032 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/01/23 20:16:32 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2009/01/13 09:52:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/11/09 12:23:31 | 000,000,800 | ---- | C] () -- C:\Windows\disney.ini
[2008/10/01 15:53:22 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/09/29 17:33:52 | 000,008,279 | ---- | C] () -- C:\ProgramData\lxdi
[2008/09/28 15:28:06 | 000,002,985 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/09/14 08:52:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/28 07:51:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/06 19:07:37 | 000,001,356 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\d3d9caps.dat
[2008/07/13 10:43:15 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/07/12 19:32:39 | 000,138,240 | ---- | C] () -- C:\Users\Shipp Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 12:49:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/12 12:36:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/07/12 12:36:24 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/07/12 12:36:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/07/12 12:36:04 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/06/10 15:30:05 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/06/10 15:29:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/22 09:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/30 16:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,372,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 07:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2006/05/03 17:44:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\RtlGina2.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005/08/24 13:56:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/07/24 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Azureus
[2010/01/06 19:54:24 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/07/26 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\GetRightToGo
[2010/07/23 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Lexmark Productivity Studio
[2009/08/22 14:36:42 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\LG Electronics
[2010/10/01 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Oberon Media
[2008/09/29 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\uTorrent
[2010/11/17 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\Shipp Family\AppData\Roaming\Windows Live Writer
[2011/07/29 18:26:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:322EAACD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

aswMBR log:

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-29 18:48:26
-----------------------------
18:48:26.048 OS Version: Windows 6.0.6002 Service Pack 2
18:48:26.048 Number of processors: 2 586 0xF0D
18:48:26.049 ComputerName: SHIPPFAMILY-PC UserName: Shipp Family
18:49:34.097 Initialize success
18:50:32.262 AVAST engine defs: 11072900
18:50:46.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
18:50:46.564 Disk 0 Vendor: MAXTOR_STM3160215AS 4.AAB Size: 152627MB BusType: 3
18:50:46.590 Disk 0 MBR read successfully
18:50:46.594 Disk 0 MBR scan
18:50:46.606 Disk 0 Windows VISTA default MBR code
18:50:46.631 Disk 0 scanning sectors +312578048
18:50:46.715 Disk 0 scanning C:\Windows\system32\drivers
18:51:09.505 Service scanning
18:51:11.081 Modules scanning
18:51:29.953 Disk 0 trace - called modules:
18:51:29.985 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:51:29.988 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8648cac8]
18:51:29.991 3 CLASSPNP.SYS[807cd8b3] -> nt!IofCallDriver -> [0x85e7dc10]
18:51:30.011 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85e675e0]
18:51:30.702 AVAST engine scan C:\Windows
18:51:34.651 AVAST engine scan C:\Windows\system32
18:55:21.488 AVAST engine scan C:\Windows\system32\drivers
18:55:38.850 AVAST engine scan C:\Users\Shipp Family
18:56:23.650 Disk 0 MBR has been saved successfully to "C:\Users\Shipp Family\Favorites\Downloads\MBR.dat"
18:56:23.663 The log file has been saved successfully to "C:\Users\Shipp Family\Favorites\Downloads\aswMBR.txt"
  • 0

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. The aswMBR log looks good. The files that I attempted to remove with OTL are still present, so let's use another tool to see if this removes them, as well as the file that Norton is detecting :)

If you have any trouble running either of the tools below, just let me know.



1)
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Windows\ectbbyn.dat
C:\Windows\ex1234.dat
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply
Please post the contents of...
Avenger log
MBAM log

  • 0

#5
dannyshipp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello there,
Have just tried to run avenger, however when executing prompt it returns this error "Error invalid script A valid script must begin with a command directive Aborting execution"
Kind regards
Dan
  • 0

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi Dan. This message usually appears when not all of the script above has been pasted into the box in Avenger. Just try it again, making sure all of the code contained in the box in the post before is pasted into Avenger's box, including the "Files to delete:" line :)
  • 0

#7
dannyshipp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Howdy again BlackOxide

Right here we go more logs for you sir ....

Just needed to click return after the Files to delete: command and enter as a separate line in the avenger box.
Managed to find that out all alone :)

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 13:27:08 2011

13:27:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 13:27:34 2011

13:27:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 13:28:17 2011

13:28:17: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 13:30:03 2011

13:30:03: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 13:44:34 2011

13:44:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 14:35:50 2011

14:35:50: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 14:36:27 2011

14:36:27: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 14:36:41 2011

14:36:41: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jul 30 14:37:36 2011

14:37:36: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\Windows\ectbbyn.datC:\Windows\ex1234.datC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab"
Deletion of file "C:\Windows\ectbbyn.datC:\Windows\ex1234.datC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Completed script processing.

*******************

Finished! Terminate.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7325

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

30/07/2011 15:18:50
mbam-log-2011-07-30 (15-18-50).txt

Scan type: Quick scan
Objects scanned: 217949
Time elapsed: 22 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c4a4bb67-2761-6d57-983c-46a232d6c136 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\c4a4bb67-2761-6d57-983c-46a232d6c136.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\Windows\010112010146120114.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\Windows\0101120101465653.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\Windows\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.


Thanks again
  • 0

#8
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ahhh, I think I see what's happening now. I think when it is being pasted into Avenger, it is going into one line. When you dropped down the first line, it recognized what the command was (Files to delete), but the other three lines were still together so it didn't find any of the files, as it was interpreting it as one long filename.

Could you do it again for me please :) This time, paste it in as before, then make sure each file name is on its own line. Once it has finished, just copy and paste the log into your next reply, thanks :unsure:
  • 0
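The failure described in post #8, as an added example that is not part of the original thread and is not The Avenger's own code: a Python pre-flight check that catches a pasted script whose line breaks were lost before it is executed. It assumes only what the thread shows (the "Files to delete:" directive on its own first line, then one drive-rooted path per line); the function names and the sample scripts built from the thread's three paths are constructed for illustration.

```python
import re

# Assumption: the only directive seen in this thread. Extend the set as needed.
KNOWN_DIRECTIVES = {"Files to delete:"}

# A drive root such as C:\ . A colon cannot occur inside a Windows file name
# component, so a second drive root on a line means two paths were joined.
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")


def split_joined_paths(line):
    """Split 'C:\\a.datC:\\b.dat' at every drive root; keep any leading text."""
    if not line:
        return []
    starts = sorted({0} | {m.start() for m in DRIVE_ROOT.finditer(line)})
    return [line[a:b].strip() for a, b in zip(starts, starts[1:] + [len(line)])]


def lint_script(text):
    """Return [(line_number, message), ...]; an empty list means the script is well formed."""
    lines = [(n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1)]
    lines = [(n, s) for n, s in lines if s]
    if not lines:
        return [(0, "script is empty")]

    problems = []
    first_no, first = lines[0]
    if first in KNOWN_DIRECTIVES:
        body = lines[1:]
    else:
        hit = next((d for d in KNOWN_DIRECTIVES if first.startswith(d)), None)
        if hit is None:
            return [(first_no, "script does not begin with a command directive")]
        problems.append((first_no, f"add a line break after {hit!r}"))
        # Lint whatever followed the directive as if it were a path line.
        body = [(first_no, first[len(hit):].strip())] + lines[1:]

    for n, s in body:
        roots = [m.start() for m in DRIVE_ROOT.finditer(s)]
        if not roots or roots[0] != 0:
            problems.append((n, f"not a drive-rooted path: {s!r}"))
        if len(roots) > 1:
            problems.append((n, f"{len(roots)} paths run together on one line"))
    return problems


def repair(text):
    """Rebuild the script with the directive and each path on its own line."""
    out = []
    for raw in text.splitlines():
        s = raw.strip()
        for d in KNOWN_DIRECTIVES:
            if s.startswith(d):
                out.append(d)
                s = s[len(d):].strip()
                break
        out.extend(split_joined_paths(s))
    return "\n".join(out) + "\n"


# Constructed samples built from the three paths in the helper's script.
PATHS = [
    r"C:\Windows\ectbbyn.dat",
    r"C:\Windows\ex1234.dat",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows"
    r"\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab",
]
GOOD = "Files to delete:\n" + "\n".join(PATHS) + "\n"
PATHS_JOINED = "Files to delete:\n" + "".join(PATHS) + "\n"  # post #7 log
ALL_ONE_LINE = "Files to delete:" + "".join(PATHS)            # post #5 error

if __name__ == "__main__":
    for name, script in [("good", GOOD), ("paths joined", PATHS_JOINED),
                         ("all on one line", ALL_ONE_LINE)]:
        print(name, "->", lint_script(script) or "OK")
    print(repair(ALL_ONE_LINE), end="")
```

Run `lint_script` on the clipboard text first and review the `repair` output by eye before executing it, since the tool acts on whatever paths it is given.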

#9
dannyshipp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, think that's worked, however one file wasn't found.
I have just looked in the location in explorer and there isn't a ectbbyn.dat file there

Over to your expert opinion for the next step :)



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\ectbbyn.dat" not found!
Deletion of file "C:\Windows\ectbbyn.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\ex1234.dat" deleted successfully.
File "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDMRCGJ3\upgrade[1].cab" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#10
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent :unsure:

Don't worry about that other file, it has been removed earlier by the looks of it.

I'd like you to run ComboFix now, to make sure that other remnants of Koobface are removed and to see if it finds any other items lurking :)

Follow the instructions below carefully and then get back to me with the log that is produced at the end please.



Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.
  • 0

#11
dannyshipp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
BlackOxide

Combofix log file for your perusal

Thanks again for your help with this
Kindest regards
Dan



ComboFix 11-07-31.02 - Shipp Family 31/07/2011 10:50:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1025 [GMT 1:00]
Running from: c:\users\Shipp Family\Favorites\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\programdata\QuestScan
c:\programdata\SPL185C.tmp
c:\programdata\SPL18CA.tmp
c:\programdata\SPL8555.tmp
c:\programdata\SPL9156.tmp
c:\users\Shipp Family\videos\avex-dvd-to-ipod-video-suite.exe
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 10:00 . 2011-07-31 10:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-31 10:00 . 2011-07-31 10:00 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-07-31 10:00 . 2011-07-31 10:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-07-31 10:00 . 2011-07-31 10:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 10:00 . 2011-07-31 10:00 -------- d-----w- c:\users\Dan\AppData\Local\temp
2011-07-31 09:46 . 2011-07-31 09:46 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-07-30 14:32 . 2011-07-30 14:32 -------- d-----w- c:\users\Shipp Family\AppData\Local\CrashDumps
2011-07-30 13:49 . 2011-07-30 13:49 -------- d-----w- c:\users\Shipp Family\AppData\Roaming\Malwarebytes
2011-07-30 13:49 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 13:49 . 2011-07-30 13:49 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 13:49 . 2011-07-30 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 13:49 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 17:25 . 2011-07-29 17:25 -------- d-----w- C:\_OTL
2011-07-29 06:34 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4A0ECBB-CF0A-4801-A4DB-F29D4CD47F7C}\mpengine.dll
2011-07-26 22:30 . 2011-07-26 22:54 -------- d-----w- c:\users\Shipp Family\AppData\Local\NPE
2011-07-26 22:02 . 2011-07-27 17:15 -------- d-----w- c:\programdata\PC Tools
2011-07-26 22:00 . 2011-07-26 22:02 -------- d-----w- c:\users\Shipp Family\AppData\Roaming\GetRightToGo
2011-07-15 16:37 . 2007-02-19 20:00 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-15 16:37 . 2007-05-17 15:00 311296 ----a-w- c:\windows\system32\lxdihcp.dll
2011-07-15 16:37 . 2007-05-17 14:59 294912 ----a-w- c:\windows\system32\lxdiinst.dll
2011-07-15 16:36 . 2011-07-15 16:41 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
2011-07-15 16:34 . 2007-03-16 03:08 113664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdidrpp.dll
2011-07-13 06:36 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 06:36 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 06:36 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 13:42 . 2011-06-05 09:22 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-26 11:13 . 2011-05-26 11:13 0 ---ha-w- c:\users\Shipp Family\AppData\Local\BITDF86.tmp
2011-05-24 18:14 . 2009-10-04 14:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 09:52 . 2011-06-05 09:22 153088 ----a-w- c:\windows\system32\xvid.ax
2011-05-23 07:46 . 2011-06-05 09:22 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-02 17:16 . 2011-06-16 17:48 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-17 68856]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-17 68856]
.
c:\users\Shipp Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2005-8-24 577597]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard..lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard..lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard..lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
c:\windows\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc% [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 17:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDtoiPodConverter_upgrade]
2009-03-25 04:32 900608 ----a-w- c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-08-28 09:43 1486848 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-06-29 04:51 175128 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-06-29 04:52 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2009-01-02 12:05 1041960 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-06-29 04:52 153624 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 14:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-17 23:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f19246941037;Google Update Service (gupdate1c9f19246941037);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 133104]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-10-02 220696]
R4 ioatdma;Intel® QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2008-01-18 36480]
R4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-12-19 28800]
R4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\si3531.sys [2007-01-30 210224]
R4 wbondir;Winbond CIR Transceiver;c:\windows\system32\drivers\wbondir.sys [2007-03-20 49664]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110726.002\IDSvix86.sys [2010-09-15 287792]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-11-26 654848]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 22:57]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 10:31]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 10:31]
.
2011-07-29 c:\windows\Tasks\Norton Security Scan for Shipp Family.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-4196850368.skyplayer.sky.com - c:\program files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 11:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1196833928-3279791162-2894433657-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D1E1631-F0B3-A192-4A44-3AFB1B92EB20}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-31 11:08:05
ComboFix-quarantined-files.txt 2011-07-31 10:07
.
Pre-Run: 20,951,977,984 bytes free
Post-Run: 20,854,624,256 bytes free
.
- - End Of File - - D3476FE0680158ED0CF9ED6CED378519

#12
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem Dan. Things are looking much better now. Could you run a scan with your Norton 360 please and let me know if it detects any threats. The file that it was originally finding should not appear as it was removed earlier. Let me know how you get on with the Norton scan :)

#13
dannyshipp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Norton scan was sweet ... That my friend is a success!
Thanks to your efforts!

Provided you have no more advice for me I will sign off and make a donation!
Thanks again and have a great day!
Dan

#14
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi Dan, no problem, great to hear the scan went through fine. Yep, all the logs look good to me now :)

I'll post my cleanup steps below, which will guide you through removing the tools we have used and give you some tips on staying safe.

If you do have any further questions, just let me know :)



Good stuff, your logs now appear clean :unsure:

Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1) Tools on the Desktop:
You can now safely remove aswMBR and The Avenger from the Desktop (if present)

2) Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3) Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4) OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5) We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :yes:
BlackOxide


#15
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.