Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Infected: Tidserv Activity 2 threat

Started by bradkc , Nov 04 2011 07:39 PM

  • This topic is locked This topic is locked

#1
bradkc
Posted 04 November 2011 - 07:39 PM

bradkc

    Member

  • Member
  • PipPip
  • 11 posts
Hi - I need help removing the System Infected: Tidserv Activity 2 threat. It says 'Threat requiring manual removal dectected: System Infected: Tidserv Activity 2'. It only started coming up when I updated my Norton Antivirus software on Monday (31/10/11). My previous software had expired a few days earlier. It only appears to come up when I open Internet Explorer. It redirects to other webpages when using the Google search engine and brings up popups. I haven't noticed any other issues. I've tried running Malware Bytes but it hasn't picked anything up. Have also tried FixTDSS as advised by Symantec. This did not pick anything up either. Please help!!


OTL logfile created on: 2/11/2011 5:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kacie and Brad\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.23% Memory free
3.84 Gb Paging File | 2.95 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 82.38 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
Drive F: | 1397.27 Gb Total Space | 219.88 Gb Free Space | 15.74% Space Free | Partition Type: NTFS

Computer Name: KACIENBRAD | User Name: Kacie and Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 17:27:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\My Documents\OTL.exe
PRC - [2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaws.exe
PRC - [2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/12/10 22:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 22:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/12/02 06:42:09 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/28 16:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/25 18:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 18:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/10 00:03:06 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/05/17 17:43:28 | 001,428,360 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/05/17 17:43:18 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/08/17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2005/09/25 19:11:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/02/16 16:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/21 02:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/21 02:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/07/25 18:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 16:52:30 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/05/17 16:31:18 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
MOD - [2003/05/08 11:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/12/10 22:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/08 10:09:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/31 17:36:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/30 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111101.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/30 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/30 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/30 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111101.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/28 15:28:46 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111031.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/14 23:13:30 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 13:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 13:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/22 10:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/15 12:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 16:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 15:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/19 09:08:14 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2009/02/19 09:08:10 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2009/02/19 09:08:04 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/08/28 16:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 16:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 17:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 00:03:04 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 17:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/31 00:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 21:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 21:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/22 21:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 21:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2004/12/18 14:58:32 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=au
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ninemsn.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/11/01 07:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2011/11/02 16:16:46 | 000,000,000 | ---D | M]

[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions
[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions\[email protected]
[2010/12/28 20:08:27 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [EPSON Stylus CX6500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P26 "EPSON Stylus CX6500 Series" /O6 "USB001" /M "Stylus CX6500" File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C4E74F-7E00-46D8-8438-773C29738974}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\f09944b0964: DllName - (C:\WINDOWS\system32\devmgr32.dll) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/15 13:32:24 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 12:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0416e140-c3a6-11df-be52-001fe1ef413d}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell - "" = AutoRun
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 17:27:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\My Documents\OTL.exe
[2011/11/02 06:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/02 06:41:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/01 10:45:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2011/11/01 06:57:47 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Kacie and Brad\My Documents\FixTDSS.exe
[2011/10/31 17:36:29 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/31 17:36:29 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/31 17:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/31 17:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/31 17:36:13 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/10/31 17:36:13 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/10/31 17:36:13 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/10/31 17:36:13 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/10/31 17:36:13 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/10/31 17:36:13 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/10/31 17:36:13 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/10/31 17:36:13 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/10/31 17:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/10/31 17:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/10/31 17:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/10/31 17:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/10/31 17:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/10/31 17:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Norton
[2011/10/31 17:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/10/31 16:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/31 16:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/30 12:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB
[2011/03/28 19:35:51 | 000,462,112 | ---- | C] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kacie and Brad\Desktop\*.tmp files -> C:\Documents and Settings\Kacie and Brad\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Kacie and Brad\*.tmp files -> C:\Documents and Settings\Kacie and Brad\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 17:27:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\My Documents\OTL.exe
[2011/11/02 16:16:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/02 16:16:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 16:16:19 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 06:44:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/01 06:57:55 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Kacie and Brad\My Documents\FixTDSS.exe
[2011/10/31 17:56:26 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\apistreamadv.exe
[2011/10/31 17:38:10 | 000,730,654 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/10/31 17:36:29 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/31 17:36:29 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/31 17:36:29 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/31 17:36:29 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/31 17:36:17 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/10/31 17:33:35 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\Desktop\Norton Installation Files.lnk
[2011/10/31 17:22:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/30 15:12:38 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/14 05:00:23 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 20:31:49 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 20:31:49 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 20:26:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kacie and Brad\Desktop\*.tmp files -> C:\Documents and Settings\Kacie and Brad\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Kacie and Brad\*.tmp files -> C:\Documents and Settings\Kacie and Brad\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/02 06:44:39 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/02 06:44:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/31 17:56:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\apistreamadv.exe
[2011/10/31 17:38:05 | 000,730,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/10/31 17:36:29 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/31 17:36:29 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/31 17:36:17 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/10/31 17:36:13 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/10/31 17:35:57 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/10/31 17:35:57 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/10/31 17:35:57 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011/10/31 17:35:57 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/10/31 17:35:57 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/10/31 17:35:57 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/10/31 17:35:57 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Iron.inf
[2011/10/31 17:35:56 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/10/31 17:35:56 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/10/31 17:35:56 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/10/31 17:35:56 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/10/31 17:35:56 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/10/31 17:35:56 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/10/31 17:35:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/10/31 17:14:23 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Desktop\Norton Installation Files.lnk
[2010/12/31 10:54:18 | 000,004,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/12/31 10:36:49 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
[2010/10/03 02:51:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\tc7.exe
[2010/10/03 02:42:30 | 008,665,685 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\Justin Bieber - Never Say Never ft Jaden Smith.zip
[2010/06/26 15:56:55 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/09 10:36:43 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/02/13 08:23:28 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/14 17:39:57 | 000,078,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/29 16:01:41 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxat.gif
[2009/06/29 16:01:41 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxzn.gif
[2009/06/29 16:01:41 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxby.gif
[2009/05/31 10:58:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2009/04/30 18:34:38 | 000,005,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/11/24 18:34:23 | 000,001,846 | ---- | C] () -- C:\WINDOWS\if42le.ini
[2008/11/24 18:34:23 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2008/11/24 18:28:04 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/24 18:28:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/24 18:27:05 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/24 18:27:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/24 18:27:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/10/10 16:41:30 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/05/31 14:55:11 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/05/31 14:55:11 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/05/31 14:55:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/05/31 14:55:11 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/05/10 16:43:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/03/26 07:24:46 | 000,008,521 | ---- | C] () -- C:\WINDOWS\extend.dat
[2008/03/15 14:12:31 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/12 19:52:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/01/04 13:01:33 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/01/04 13:01:33 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/01/04 13:01:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/04 13:00:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6500.ini
[2007/12/24 17:56:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/11/01 16:28:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/10/30 18:01:10 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/30 17:27:28 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/30 17:15:22 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\wklnhst.dat
[2007/10/24 00:03:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/23 23:54:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/10/23 23:54:22 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/10/23 23:54:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/23 23:16:00 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/10/23 23:16:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/10/23 23:15:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/10/23 23:15:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/10/23 23:14:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/05/17 16:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 16:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,342,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,446,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,073,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/08/01 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/10/31 17:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/06/08 10:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/12 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
[2010/09/01 18:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/30 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movavi Video Converter 6
[2007/12/31 08:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/24 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2010/09/01 19:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/02/17 17:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/10/31 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/09/06 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/10/23 23:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/12/28 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/01/04 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/06/30 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 09:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/23 08:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Bitrix Security
[2011/09/13 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\DocumentsToGoDesktop
[2011/10/30 13:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB
[2011/01/22 08:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\fhnetwork.com
[2011/10/23 14:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\FrostWire
[2008/05/18 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Leadertech
[2010/12/31 10:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MOVAVI
[2010/12/31 10:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Converter 10
[2010/12/31 10:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Suite 9
[2011/04/24 07:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MP3Rocket
[2007/12/31 08:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\NCH Swift Sound
[2008/02/25 19:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Nokia
[2008/02/17 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Suite
[2011/04/09 07:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Publish Providers
[2007/12/23 10:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SlySoft
[2011/04/09 07:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony
[2011/04/09 07:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony Setup
[2007/10/30 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Template
[2010/10/22 17:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Tific
[2008/01/08 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\tmp
[2010/12/28 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\TomTom
[2011/11/02 17:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\uTorrent
[2010/04/17 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Youtube Downloader HD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:BFD693C0D2C72E8A

< End of report >

OTL Extras logfile created on: 2/11/2011 5:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kacie and Brad\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.23% Memory free
3.84 Gb Paging File | 2.95 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 82.38 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
Drive F: | 1397.27 Gb Total Space | 219.88 Gb Free Space | 15.74% Space Free | Partition Type: NTFS

Computer Name: KACIENBRAD | User Name: Kacie and Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"27583:TCP" = 27583:TCP:*:Enabled:BitComet 27583 TCP
"27583:UDP" = 27583:UDP:*:Enabled:BitComet 27583 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Documents and Settings\Kacie and Brad\Local Settings\Temp\7zS98.tmp\SymNRT.exe" = C:\Documents and Settings\Kacie and Brad\Local Settings\Temp\7zS98.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 29
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{451B4B28-C835-423C-9AC2-3B562975E0F2}" = Movavi Video Suite 9
"{468E792D-B5B4-4226-BF1B-FCA66771F820}_is1" = Commander Keen Complete Version 1.1
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = Join ME
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C416D62-6939-44AB-BFDE-0F14AD744DB1}" = Movavi Video Converter 10
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.77
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DTGDesktop" = Documents To Go Desktop for iPhone
"DVD Shrink_is1" = DVD Shrink 3.1.7
"ESCX6500 Reference Guide" = ESCX6500 Reference Guide
"ESCX6500 Software Guide" = ESCX6500 Software Guide
"FrostWire" = FrostWire 4.21.3
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Dell Touchpad
"TomTom HOME" = TomTom HOME 2.8.0.2146
"uTorrent" = µTorrent
"VDMSound" = VDMSound
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IM" = IM
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2011 4:58:03 PM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 31/10/2011 5:02:36 PM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/11/2011 4:36:17 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/11/2011 4:36:19 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/11/2011 4:39:47 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/11/2011 4:39:48 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 1/11/2011 5:49:39 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: The connection with the server was terminated abnormally

Error - 1/11/2011 5:49:40 AM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/11/2011 4:22:27 PM | Computer Name = KACIENBRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/11/2011 4:51:06 PM | Computer Name = KACIENBRAD | Source = MsiInstaller | ID = 11500
Description = Product: Java™ 6 Update 29 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

[ System Events ]
Error - 2/11/2011 2:36:18 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 2:37:48 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 2:37:49 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 2:58:11 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 2:58:11 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 3:06:23 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 3:08:14 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 3:08:24 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 3:18:12 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/11/2011 3:18:13 AM | Computer Name = KACIENBRAD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

Advertisements

#2
azarl
Posted 06 November 2011 - 09:26 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OK, let's see if we can help you

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
If it asks you whether to download Avast click "No"
Posted Image

Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log...

Posted Image

... save it to your desktop and post in your next reply
  • 0

#3
bradkc
Posted 06 November 2011 - 04:38 PM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 08:36:11
-----------------------------
08:36:11.765 OS Version: Windows 5.1.2600 Service Pack 3
08:36:11.765 Number of processors: 2 586 0xF0D
08:36:11.765 ComputerName: KACIENBRAD UserName:
08:36:13.375 Initialize success
08:36:29.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
08:36:29.468 Disk 0 Vendor: FUJITSU_MHW2160BH 0085001C Size: 152627MB BusType: 3
08:36:31.546 Disk 0 MBR read successfully
08:36:31.562 Disk 0 MBR scan
08:36:31.562 Disk 0 Windows XP default MBR code
08:36:31.593 Disk 0 scanning sectors +312576705
08:36:31.906 Disk 0 scanning C:\WINDOWS\system32\drivers
08:36:36.765 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
08:37:20.890 Service scanning
08:37:22.890 Service BPIKSp50 D:\BPIKSp50.sys **LOCKED** 21
08:37:23.671 Modules scanning
08:37:29.359 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
08:37:36.953 Disk 0 trace - called modules:
08:37:36.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xa8935f10]<<
08:37:37.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acaeab8]
08:37:37.484 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89341250]
08:37:37.500 \Driver\00000894[0x892e8218] -> IRP_MJ_CREATE -> 0xa8935f10
08:37:37.500 Scan finished successfully
08:37:49.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kacie and Brad\Desktop\MBR.dat"
08:37:49.281 The log file has been saved successfully to "C:\Documents and Settings\Kacie and Brad\Desktop\aswMBR.txt"
  • 0

#4
azarl
Posted 07 November 2011 - 02:37 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button

Save the log as before and post in your next reply
  • 0

#5
bradkc
Posted 07 November 2011 - 02:53 AM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I can't click the 'Fix' button, only the FixMBR button..
  • 0

#6
azarl
Posted 07 November 2011 - 03:04 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#7
bradkc
Posted 07 November 2011 - 03:27 AM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
19:18:31.0625 5840 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
19:18:32.0437 5840 ============================================================
19:18:32.0437 5840 Current date / time: 2011/11/07 19:18:32.0437
19:18:32.0437 5840 SystemInfo:
19:18:32.0437 5840
19:18:32.0437 5840 OS Version: 5.1.2600 ServicePack: 3.0
19:18:32.0437 5840 Product type: Workstation
19:18:32.0437 5840 ComputerName: KACIENBRAD
19:18:32.0437 5840 UserName: Kacie and Brad
19:18:32.0437 5840 Windows directory: C:\WINDOWS
19:18:32.0437 5840 System windows directory: C:\WINDOWS
19:18:32.0437 5840 Processor architecture: Intel x86
19:18:32.0437 5840 Number of processors: 2
19:18:32.0437 5840 Page size: 0x1000
19:18:32.0437 5840 Boot type: Normal boot
19:18:32.0437 5840 ============================================================
19:18:35.0140 5840 Initialize success
19:18:37.0593 4872 ============================================================
19:18:37.0593 4872 Scan started
19:18:37.0593 4872 Mode: Manual;
19:18:37.0593 4872 ============================================================
19:18:40.0250 4872 Abiosdsk - ok
19:18:40.0328 4872 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:18:40.0343 4872 abp480n5 - ok
19:18:40.0453 4872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:18:40.0453 4872 ACPI - ok
19:18:40.0515 4872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:18:40.0515 4872 ACPIEC - ok
19:18:40.0593 4872 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:18:40.0593 4872 adpu160m - ok
19:18:40.0656 4872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:18:40.0656 4872 aec - ok
19:18:40.0796 4872 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:18:40.0796 4872 AegisP - ok
19:18:40.0859 4872 AFD (29ada7574b433632b71264a207dbffde) C:\WINDOWS\System32\drivers\afd.sys
19:18:40.0875 4872 AFD ( Rootkit.Win32.ZAccess.h ) - infected
19:18:40.0875 4872 AFD - detected Rootkit.Win32.ZAccess.h (0)
19:18:40.0937 4872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:18:40.0937 4872 agp440 - ok
19:18:40.0953 4872 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:18:40.0953 4872 agpCPQ - ok
19:18:40.0984 4872 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:18:40.0984 4872 Aha154x - ok
19:18:41.0015 4872 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:18:41.0015 4872 aic78u2 - ok
19:18:41.0031 4872 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:18:41.0031 4872 aic78xx - ok
19:18:41.0078 4872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:18:41.0078 4872 AliIde - ok
19:18:41.0109 4872 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:18:41.0109 4872 alim1541 - ok
19:18:41.0218 4872 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:18:41.0234 4872 amdagp - ok
19:18:41.0312 4872 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:18:41.0312 4872 amsint - ok
19:18:41.0437 4872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:18:41.0437 4872 Arp1394 - ok
19:18:41.0562 4872 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:18:41.0562 4872 asc - ok
19:18:41.0640 4872 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:18:41.0640 4872 asc3350p - ok
19:18:41.0718 4872 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:18:41.0718 4872 asc3550 - ok
19:18:41.0828 4872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:18:41.0828 4872 AsyncMac - ok
19:18:41.0875 4872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:18:41.0875 4872 atapi - ok
19:18:41.0906 4872 Atdisk - ok
19:18:42.0000 4872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:18:42.0000 4872 Atmarpc - ok
19:18:42.0140 4872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:18:42.0140 4872 audstub - ok
19:18:42.0250 4872 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:18:42.0250 4872 bcm4sbxp - ok
19:18:42.0359 4872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:18:42.0359 4872 Beep - ok
19:18:42.0796 4872 BHDrvx86 (fe57ab6683f48264d1cd36f5d5ee95a8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys
19:18:42.0843 4872 BHDrvx86 - ok
19:18:42.0859 4872 BPIKSp50 - ok
19:18:42.0984 4872 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
19:18:42.0984 4872 BrScnUsb - ok
19:18:43.0109 4872 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys
19:18:43.0140 4872 btaudio - ok
19:18:43.0187 4872 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
19:18:43.0203 4872 BTDriver - ok
19:18:43.0312 4872 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
19:18:43.0359 4872 BTKRNL - ok
19:18:43.0468 4872 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
19:18:43.0468 4872 BTWDNDIS - ok
19:18:43.0578 4872 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
19:18:43.0578 4872 btwhid - ok
19:18:43.0593 4872 btwmodem (8bcd7bfe9c70a8ff7444263435b18aa1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
19:18:43.0593 4872 btwmodem - ok
19:18:43.0656 4872 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
19:18:43.0656 4872 BTWUSB - ok
19:18:43.0687 4872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:18:43.0687 4872 cbidf - ok
19:18:43.0703 4872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:18:43.0718 4872 cbidf2k - ok
19:18:43.0765 4872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:18:43.0765 4872 CCDECODE - ok
19:18:43.0796 4872 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:18:43.0796 4872 cd20xrnt - ok
19:18:43.0828 4872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:18:43.0828 4872 Cdaudio - ok
19:18:43.0906 4872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:18:43.0906 4872 Cdfs - ok
19:18:43.0968 4872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:18:43.0968 4872 Cdrom - ok
19:18:44.0031 4872 Changer - ok
19:18:44.0062 4872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:18:44.0062 4872 CmBatt - ok
19:18:44.0093 4872 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:18:44.0093 4872 CmdIde - ok
19:18:44.0140 4872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:18:44.0140 4872 Compbatt - ok
19:18:44.0281 4872 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:18:44.0281 4872 Cpqarray - ok
19:18:44.0343 4872 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:18:44.0343 4872 CVirtA - ok
19:18:44.0375 4872 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:18:44.0375 4872 dac2w2k - ok
19:18:44.0406 4872 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:18:44.0406 4872 dac960nt - ok
19:18:44.0453 4872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:18:44.0453 4872 Disk - ok
19:18:44.0531 4872 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
19:18:44.0531 4872 DLABMFSM - ok
19:18:44.0546 4872 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:18:44.0546 4872 DLABOIOM - ok
19:18:44.0562 4872 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:18:44.0562 4872 DLACDBHM - ok
19:18:44.0578 4872 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
19:18:44.0593 4872 DLADResM - ok
19:18:44.0609 4872 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:18:44.0609 4872 DLAIFS_M - ok
19:18:44.0625 4872 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:18:44.0625 4872 DLAOPIOM - ok
19:18:44.0640 4872 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:18:44.0640 4872 DLAPoolM - ok
19:18:44.0656 4872 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
19:18:44.0671 4872 DLARTL_M - ok
19:18:44.0687 4872 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:18:44.0687 4872 DLAUDFAM - ok
19:18:44.0703 4872 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:18:44.0703 4872 DLAUDF_M - ok
19:18:44.0781 4872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:18:44.0812 4872 dmboot - ok
19:18:44.0953 4872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:18:44.0953 4872 dmio - ok
19:18:45.0062 4872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:18:45.0062 4872 dmload - ok
19:18:45.0109 4872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:18:45.0109 4872 DMusic - ok
19:18:45.0156 4872 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:18:45.0171 4872 DNE - ok
19:18:45.0203 4872 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:18:45.0203 4872 dpti2o - ok
19:18:45.0265 4872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:18:45.0265 4872 drmkaud - ok
19:18:45.0296 4872 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:18:45.0312 4872 DRVMCDB - ok
19:18:45.0359 4872 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:18:45.0359 4872 DRVNDDM - ok
19:18:45.0546 4872 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:18:45.0546 4872 DSproct - ok
19:18:45.0656 4872 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
19:18:45.0656 4872 dsunidrv - ok
19:18:45.0781 4872 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys
19:18:45.0875 4872 DXEC02 - ok
19:18:46.0078 4872 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:18:46.0078 4872 E100B - ok
19:18:46.0281 4872 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
19:18:46.0281 4872 EAPPkt - ok
19:18:46.0578 4872 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:18:46.0656 4872 eeCtrl - ok
19:18:47.0187 4872 ENETHUSB (8c3f3914f1c1e3e3ffe77190a4c9d735) C:\WINDOWS\system32\DRIVERS\enethusb.sys
19:18:47.0265 4872 ENETHUSB - ok
19:18:47.0453 4872 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:18:47.0468 4872 EraserUtilRebootDrv - ok
19:18:47.0625 4872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:18:47.0625 4872 Fastfat - ok
19:18:47.0734 4872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:18:47.0734 4872 Fdc - ok
19:18:47.0796 4872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:18:47.0796 4872 Fips - ok
19:18:47.0890 4872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:18:47.0906 4872 Flpydisk - ok
19:18:48.0015 4872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:18:48.0015 4872 FltMgr - ok
19:18:48.0125 4872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:18:48.0125 4872 Fs_Rec - ok
19:18:48.0234 4872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:18:48.0234 4872 Ftdisk - ok
19:18:48.0312 4872 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:18:48.0312 4872 GEARAspiWDM - ok
19:18:48.0453 4872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:18:48.0453 4872 Gpc - ok
19:18:48.0578 4872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:18:48.0578 4872 HDAudBus - ok
19:18:48.0656 4872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:18:48.0656 4872 HidUsb - ok
19:18:48.0781 4872 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:18:48.0781 4872 hpn - ok
19:18:48.0953 4872 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:18:48.0968 4872 HSFHWAZL - ok
19:18:49.0171 4872 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:18:49.0265 4872 HSF_DPV - ok
19:18:49.0406 4872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:18:49.0406 4872 HTTP - ok
19:18:49.0546 4872 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:18:49.0562 4872 i2omgmt - ok
19:18:49.0656 4872 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:18:49.0656 4872 i2omp - ok
19:18:49.0750 4872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:18:49.0750 4872 i8042prt - ok
19:18:50.0140 4872 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:18:50.0437 4872 ialm - ok
19:18:50.0546 4872 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
19:18:50.0546 4872 iaStor - ok
19:18:50.0843 4872 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111104.030\IDSxpx86.sys
19:18:50.0859 4872 IDSxpx86 - ok
19:18:51.0031 4872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:18:51.0031 4872 Imapi - ok
19:18:51.0125 4872 InCDFs - ok
19:18:51.0140 4872 InCDPass - ok
19:18:51.0140 4872 InCDRm - ok
19:18:51.0203 4872 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:18:51.0203 4872 ini910u - ok
19:18:51.0218 4872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:18:51.0218 4872 IntelIde - ok
19:18:51.0281 4872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:18:51.0281 4872 intelppm - ok
19:18:51.0312 4872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:18:51.0312 4872 Ip6Fw - ok
19:18:51.0343 4872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:18:51.0343 4872 IpFilterDriver - ok
19:18:51.0359 4872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:18:51.0359 4872 IpInIp - ok
19:18:51.0390 4872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:18:51.0390 4872 IpNat - ok
19:18:51.0437 4872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:18:51.0437 4872 IPSec - ok
19:18:51.0484 4872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:18:51.0484 4872 IRENUM - ok
19:18:51.0656 4872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:18:51.0656 4872 isapnp - ok
19:18:51.0687 4872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:18:51.0687 4872 Kbdclass - ok
19:18:51.0750 4872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:18:51.0765 4872 kbdhid - ok
19:18:51.0859 4872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:18:51.0859 4872 kmixer - ok
19:18:51.0890 4872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:18:51.0906 4872 KSecDD - ok
19:18:52.0062 4872 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:18:52.0062 4872 Lavasoft Kernexplorer - ok
19:18:52.0125 4872 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:18:52.0125 4872 Lbd - ok
19:18:52.0171 4872 lbrtfdc - ok
19:18:52.0281 4872 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:18:52.0281 4872 mdmxsdk - ok
19:18:52.0390 4872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:18:52.0390 4872 mnmdd - ok
19:18:52.0531 4872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:18:52.0531 4872 Modem - ok
19:18:52.0562 4872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:18:52.0562 4872 Mouclass - ok
19:18:52.0578 4872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:18:52.0578 4872 mouhid - ok
19:18:52.0609 4872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:18:52.0609 4872 MountMgr - ok
19:18:52.0640 4872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:18:52.0656 4872 mraid35x - ok
19:18:52.0671 4872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:18:52.0671 4872 MRxDAV - ok
19:18:52.0750 4872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:18:52.0750 4872 MRxSmb - ok
19:18:52.0796 4872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:18:52.0796 4872 Msfs - ok
19:18:52.0843 4872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:18:52.0843 4872 MSKSSRV - ok
19:18:52.0984 4872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:18:52.0984 4872 MSPCLOCK - ok
19:18:53.0109 4872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:18:53.0109 4872 MSPQM - ok
19:18:53.0140 4872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:18:53.0140 4872 mssmbios - ok
19:18:53.0203 4872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:18:53.0203 4872 MSTEE - ok
19:18:53.0265 4872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:18:53.0265 4872 Mup - ok
19:18:53.0328 4872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:18:53.0328 4872 NABTSFEC - ok
19:18:53.0625 4872 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVENG.SYS
19:18:53.0625 4872 NAVENG - ok
19:18:53.0765 4872 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVEX15.SYS
19:18:53.0812 4872 NAVEX15 - ok
19:18:53.0968 4872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:18:53.0968 4872 NDIS - ok
19:18:54.0031 4872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:18:54.0031 4872 NdisIP - ok
19:18:54.0140 4872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:18:54.0140 4872 NdisTapi - ok
19:18:54.0203 4872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:18:54.0203 4872 Ndisuio - ok
19:18:54.0234 4872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:18:54.0250 4872 NdisWan - ok
19:18:54.0328 4872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:18:54.0328 4872 NDProxy - ok
19:18:54.0421 4872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:18:54.0421 4872 NetBIOS - ok
19:18:54.0531 4872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:18:54.0531 4872 NetBT - ok
19:18:54.0703 4872 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
19:18:54.0781 4872 NETw4x32 - ok
19:18:54.0875 4872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:18:54.0875 4872 NIC1394 - ok
19:18:54.0937 4872 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
19:18:54.0937 4872 nmwcd - ok
19:18:55.0031 4872 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:18:55.0046 4872 nmwcdc - ok
19:18:55.0156 4872 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
19:18:55.0156 4872 nmwcdnsu - ok
19:18:55.0250 4872 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
19:18:55.0250 4872 nmwcdnsuc - ok
19:18:55.0328 4872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:18:55.0328 4872 Npfs - ok
19:18:55.0421 4872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:18:55.0453 4872 Ntfs - ok
19:18:55.0515 4872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:18:55.0515 4872 Null - ok
19:18:55.0781 4872 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:18:55.0906 4872 nv - ok
19:18:56.0296 4872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:18:56.0296 4872 NwlnkFlt - ok
19:18:56.0468 4872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:18:56.0468 4872 NwlnkFwd - ok
19:18:56.0609 4872 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
19:18:56.0625 4872 OEM02Dev - ok
19:18:56.0640 4872 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
19:18:56.0640 4872 OEM02Vfx - ok
19:18:56.0703 4872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:18:56.0718 4872 ohci1394 - ok
19:18:56.0765 4872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:18:56.0765 4872 Parport - ok
19:18:56.0781 4872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:18:56.0781 4872 PartMgr - ok
19:18:56.0812 4872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:18:56.0812 4872 ParVdm - ok
19:18:56.0875 4872 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:18:56.0875 4872 pccsmcfd - ok
19:18:56.0890 4872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:18:56.0906 4872 PCI - ok
19:18:56.0906 4872 PCIDump - ok
19:18:56.0953 4872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:18:56.0953 4872 PCIIde - ok
19:18:57.0062 4872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:18:57.0062 4872 Pcmcia - ok
19:18:57.0125 4872 Pcouffin - ok
19:18:57.0187 4872 PDCOMP - ok
19:18:57.0203 4872 PDFRAME - ok
19:18:57.0218 4872 PDRELI - ok
19:18:57.0234 4872 PDRFRAME - ok
19:18:57.0265 4872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:18:57.0265 4872 perc2 - ok
19:18:57.0296 4872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:18:57.0296 4872 perc2hib - ok
19:18:57.0375 4872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:18:57.0375 4872 PptpMiniport - ok
19:18:57.0421 4872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:18:57.0421 4872 PSched - ok
19:18:57.0437 4872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:18:57.0437 4872 Ptilink - ok
19:18:57.0500 4872 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:18:57.0515 4872 PxHelp20 - ok
19:18:57.0546 4872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:18:57.0546 4872 ql1080 - ok
19:18:57.0562 4872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:18:57.0562 4872 Ql10wnt - ok
19:18:57.0593 4872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:18:57.0593 4872 ql12160 - ok
19:18:57.0609 4872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:18:57.0625 4872 ql1240 - ok
19:18:57.0656 4872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:18:57.0656 4872 ql1280 - ok
19:18:57.0750 4872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:18:57.0750 4872 RasAcd - ok
19:18:57.0859 4872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:18:57.0859 4872 Rasl2tp - ok
19:18:57.0906 4872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:18:57.0906 4872 RasPppoe - ok
19:18:57.0968 4872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:18:57.0968 4872 Raspti - ok
19:18:58.0046 4872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:18:58.0046 4872 Rdbss - ok
19:18:58.0062 4872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:18:58.0078 4872 RDPCDD - ok
19:18:58.0109 4872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:18:58.0125 4872 rdpdr - ok
19:18:58.0203 4872 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:18:58.0203 4872 RDPWD - ok
19:18:58.0250 4872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:18:58.0265 4872 redbook - ok
19:18:58.0343 4872 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:18:58.0343 4872 rimmptsk - ok
19:18:58.0406 4872 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:18:58.0406 4872 rimsptsk - ok
19:18:58.0500 4872 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:18:58.0500 4872 rismxdp - ok
19:18:58.0640 4872 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
19:18:58.0656 4872 RTLWUSB - ok
19:18:58.0765 4872 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:18:58.0765 4872 s24trans - ok
19:18:58.0875 4872 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:18:58.0875 4872 sdbus - ok
19:18:58.0968 4872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:18:58.0968 4872 Secdrv - ok
19:18:59.0125 4872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:18:59.0125 4872 serenum - ok
19:18:59.0218 4872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:18:59.0218 4872 Serial - ok
19:18:59.0281 4872 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:18:59.0281 4872 sffdisk - ok
19:18:59.0296 4872 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:18:59.0312 4872 sffp_sd - ok
19:18:59.0328 4872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:18:59.0328 4872 Sfloppy - ok
19:18:59.0359 4872 Simbad - ok
19:18:59.0406 4872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:18:59.0406 4872 sisagp - ok
19:18:59.0484 4872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:18:59.0484 4872 SLIP - ok
19:18:59.0718 4872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:18:59.0734 4872 Sparrow - ok
19:18:59.0828 4872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:18:59.0828 4872 splitter - ok
19:18:59.0859 4872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:18:59.0875 4872 sr - ok
19:19:00.0015 4872 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS
19:19:00.0031 4872 SRTSP - ok
19:19:00.0093 4872 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
19:19:00.0093 4872 SRTSPX - ok
19:19:00.0234 4872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:19:00.0250 4872 Srv - ok
19:19:00.0437 4872 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
19:19:00.0500 4872 STHDA - ok
19:19:00.0671 4872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:19:00.0671 4872 streamip - ok
19:19:00.0718 4872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:19:00.0734 4872 swenum - ok
19:19:00.0765 4872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:19:00.0765 4872 swmidi - ok
19:19:00.0812 4872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:19:00.0812 4872 symc810 - ok
19:19:00.0843 4872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:19:00.0843 4872 symc8xx - ok
19:19:00.0953 4872 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
19:19:00.0968 4872 SymDS - ok
19:19:01.0078 4872 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
19:19:01.0109 4872 SymEFA - ok
19:19:01.0203 4872 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:19:01.0203 4872 SymEvent - ok
19:19:01.0296 4872 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
19:19:01.0296 4872 SymIRON - ok
19:19:01.0406 4872 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
19:19:01.0421 4872 SYMTDI - ok
19:19:01.0500 4872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:19:01.0515 4872 sym_hi - ok
19:19:01.0609 4872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:19:01.0609 4872 sym_u3 - ok
19:19:01.0687 4872 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:19:01.0687 4872 SynTP - ok
19:19:01.0765 4872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:19:01.0781 4872 sysaudio - ok
19:19:01.0875 4872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:19:01.0875 4872 Tcpip - ok
19:19:01.0968 4872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:19:01.0968 4872 TDPIPE - ok
19:19:01.0984 4872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:19:02.0000 4872 TDTCP - ok
19:19:02.0031 4872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:19:02.0031 4872 TermDD - ok
19:19:02.0125 4872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:19:02.0140 4872 TosIde - ok
19:19:02.0328 4872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:19:02.0328 4872 Udfs - ok
19:19:02.0421 4872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:19:02.0421 4872 ultra - ok
19:19:02.0546 4872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:19:02.0546 4872 Update - ok
19:19:02.0687 4872 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:19:02.0687 4872 upperdev - ok
19:19:02.0875 4872 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:19:02.0875 4872 USBAAPL - ok
19:19:02.0890 4872 usbbus - ok
19:19:03.0000 4872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:19:03.0000 4872 usbccgp - ok
19:19:03.0015 4872 UsbDiag - ok
19:19:03.0046 4872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:19:03.0046 4872 usbehci - ok
19:19:03.0093 4872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:19:03.0093 4872 usbhub - ok
19:19:03.0109 4872 USBModem - ok
19:19:03.0156 4872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:19:03.0156 4872 usbprint - ok
19:19:03.0171 4872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:19:03.0171 4872 usbscan - ok
19:19:03.0218 4872 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
19:19:03.0234 4872 usbser - ok
19:19:03.0296 4872 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:19:03.0296 4872 UsbserFilt - ok
19:19:03.0328 4872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:19:03.0328 4872 USBSTOR - ok
19:19:03.0406 4872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:19:03.0406 4872 usbuhci - ok
19:19:03.0515 4872 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:19:03.0515 4872 usbvideo - ok
19:19:03.0640 4872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:19:03.0640 4872 VgaSave - ok
19:19:03.0671 4872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:19:03.0671 4872 viaagp - ok
19:19:03.0703 4872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:19:03.0703 4872 ViaIde - ok
19:19:03.0781 4872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:19:03.0781 4872 VolSnap - ok
19:19:03.0812 4872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:19:03.0828 4872 Wanarp - ok
19:19:03.0906 4872 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:19:03.0921 4872 Wdf01000 - ok
19:19:04.0015 4872 WDICA - ok
19:19:04.0062 4872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:19:04.0062 4872 wdmaud - ok
19:19:04.0234 4872 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:19:04.0281 4872 winachsf - ok
19:19:04.0468 4872 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:19:04.0468 4872 WmiAcpi - ok
19:19:04.0562 4872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:19:04.0562 4872 WpdUsb - ok
19:19:04.0671 4872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:19:04.0687 4872 WSTCODEC - ok
19:19:04.0796 4872 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:19:04.0812 4872 WudfPf - ok
19:19:04.0875 4872 WUDFRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:19:04.0875 4872 WUDFRd - ok
19:19:04.0984 4872 zgwhsdiag (d5030e0598d4108e26220490e97f7598) C:\WINDOWS\system32\DRIVERS\zgwhsdiag.sys
19:19:04.0984 4872 zgwhsdiag - ok
19:19:05.0125 4872 zgwhsmdm (d5030e0598d4108e26220490e97f7598) C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys
19:19:05.0125 4872 zgwhsmdm - ok
19:19:05.0250 4872 zgwhsnmea (d5030e0598d4108e26220490e97f7598) C:\WINDOWS\system32\DRIVERS\zgwhsnmea.sys
19:19:05.0250 4872 zgwhsnmea - ok
19:19:05.0312 4872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:19:05.0593 4872 \Device\Harddisk0\DR0 - ok
19:19:05.0593 4872 Boot (0x1200) (4af07962eb1ad56c6d4360b32dbd68ca) \Device\Harddisk0\DR0\Partition0
19:19:05.0593 4872 \Device\Harddisk0\DR0\Partition0 - ok
19:19:05.0593 4872 ============================================================
19:19:05.0593 4872 Scan finished
19:19:05.0593 4872 ============================================================
19:19:05.0625 2948 Detected object count: 1
19:19:05.0625 2948 Actual detected object count: 1
19:19:21.0734 2948 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
19:19:23.0937 2948 Backup copy found, using it..
19:19:23.0984 2948 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
19:19:23.0984 2948 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
19:21:22.0359 1664 Deinitialize success
  • 0

#8
azarl
Posted 07 November 2011 - 04:25 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Can you ensure that you've rebooted please then run ASWMBR again, scan and post the log please
  • 0

#9
bradkc
Posted 07 November 2011 - 01:51 PM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The little threat message stopped appearing after I ran TDSSKiller and reboot the computer. Log of aswMBR-

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 05:45:37
-----------------------------
05:45:37.781 OS Version: Windows 5.1.2600 Service Pack 3
05:45:37.781 Number of processors: 2 586 0xF0D
05:45:37.796 ComputerName: KACIENBRAD UserName:
05:46:31.421 Initialize success
05:47:27.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
05:47:27.750 Disk 0 Vendor: FUJITSU_MHW2160BH 0085001C Size: 152627MB BusType: 3
05:47:29.843 Disk 0 MBR read successfully
05:47:29.843 Disk 0 MBR scan
05:47:29.859 Disk 0 Windows XP default MBR code
05:47:30.046 Disk 0 scanning sectors +312576705
05:47:30.281 Disk 0 scanning C:\WINDOWS\system32\drivers
05:48:24.000 Service scanning
05:48:28.312 Service BPIKSp50 D:\BPIKSp50.sys **LOCKED** 21
05:48:30.125 Modules scanning
05:49:07.812 Disk 0 trace - called modules:
05:49:07.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
05:49:07.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad5dab8]
05:49:07.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad5e940]
05:49:07.875 Scan finished successfully
05:50:20.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kacie and Brad\Desktop\MBR.dat"
05:50:20.281 The log file has been saved successfully to "C:\Documents and Settings\Kacie and Brad\Desktop\aswMBR.txtv2.txt"
  • 0

#10
azarl
Posted 08 November 2011 - 02:42 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

The little threat message stopped appearing after I ran TDSSKiller and reboot the computer. Log of aswMBR-

We killed the rootkit :)

» Step 1 «
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

» Step 2 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

» Step 3 «
ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#11
bradkc
Posted 08 November 2011 - 05:00 PM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Step 1 - Done. Also rebooted.

Step 2 - I already have and regularly use Malware Bytes. Log of scan:-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8105

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/11/2011 7:10:07 PM
mbam-log-2011-11-08 (19-10-07).txt

Scan type: Quick scan
Objects scanned: 184382
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Step 3 -

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2ec06d91ca14242878a63aeb37c801c
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 10:20:46
# local_time=2011-11-08 08:20:46 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777213 100 84 0 71406575 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81203
# found=5
# cleaned=5
# scan_time=3564
C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kacie and Brad\Desktop\OTHER\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kacie and Brad\Desktop\Programs\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2ec06d91ca14242878a63aeb37c801c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 08:49:28
# local_time=2011-11-09 06:49:28 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777213 100 84 0 71443510 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88899
# found=0
# cleaned=0
# scan_time=4352
  • 0

#12
azarl
Posted 09 November 2011 - 02:43 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Looks clean - you are clear or seem to be. Please advise me if you still have any problems.

OTL Cleanup
Run OTL and click the cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Updates
From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE
  • 0

#13
bradkc
Posted 09 November 2011 - 03:02 AM

bradkc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I will look into the browsers, but I've done everything you've suggested above. THANK YOU VERY much for your assistance. You've saved me a massive headache. Much appreciated :)
  • 0

#14
azarl
Posted 09 November 2011 - 03:11 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

I will look into the browsers, but I've done everything you've suggested above. THANK YOU VERY much for your assistance. You've saved me a massive headache. Much appreciated :)

No problem :yes:
  • 0

#15
azarl
Posted 14 November 2011 - 12:42 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP