Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Redirect using google and yahoo [Solved]


  • This topic is locked This topic is locked

#1
Tdub68

Tdub68

    New Member

  • Member
  • Pip
  • 7 posts
Hello,

I have been having a problem getting redirected while using google and yahoo search engines. Below are my logs from OTL, hijackthis, and GMER. I am not sure what to do after this. Any help would be much appreciated. Thank you in advance.

OTL logfile created on: 3/12/2012 6:14:52 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.37 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 51.94% Memory free
4.22 Gb Paging File | 3.25 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.62 Gb Total Space | 72.63 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.84% Space Free | Partition Type: FAT32

Computer Name: TODD-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 06:14:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2012/02/19 22:20:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/02/18 19:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/11 19:44:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/08/19 21:16:40 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 18:24:38 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko10.dll
MOD - [2012/02/19 22:20:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/20 08:09:27 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/06 12:58:30 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/08/19 20:51:16 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll
MOD - [2009/08/19 20:49:36 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxducaps.dll
MOD - [2009/08/19 20:49:32 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdudrs.dll
MOD - [2009/08/19 20:39:44 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxducnv4.dll
MOD - [2007/08/21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/02/18 19:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/11 19:44:18 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/08/19 21:16:40 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jbridgep)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/11 00:58:33 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120311.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/11 00:58:33 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120311.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/03/02 14:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 22:43:07 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 22:43:07 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/05 19:20:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/18 19:38:24 | 000,039,984 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/26 22:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 22:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 22:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 22:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/01/31 22:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EG1032xp.sys -- (RTL8023xp)
DRV - [2004/11/17 23:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 20:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/11/11 23:02:00 | 000,863,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...GdaIy.K2_D1ITZg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=15627
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=15627
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...B-DA5C13880CA0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{89B2D841-7FE8-493A-BB00-D50D837CBE0F}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....rchTerms}590048
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:flock|about:myworld|http://geocities.yahoo.com/v/p/edu.html"
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.5.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.17: C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/16 17:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/01 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/03/12 06:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0\extensions\\Components: C:\Program Files\Flock\components [2011/12/20 08:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/12/20 08:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2011/12/20 08:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/12/20 08:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 22:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 18:49:17 | 000,000,000 | ---D | M]

[2009/09/20 20:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/20 20:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/03/07 19:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions
[2011/08/27 10:43:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/16 18:16:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 17:54:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/25 09:19:11 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2012/01/25 23:39:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/07 19:13:49 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/10/14 03:28:31 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected]
[2011/03/16 09:51:47 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected]
[2012/02/01 19:05:58 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected]
[2011/11/11 07:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRA~1\FLOCK\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRA~1\FLOCK\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRA~1\FLOCK\EXTENSIONS\[email protected]
[2012/02/19 22:20:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/21 19:23:59 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/19 17:27:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 07:46:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/07 22:55:10 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O4 - HKCU..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - ?s=100000345&p=ZLxdm256YYUS&si=1579&a=1wB9qIRGdaIy.K2_D1ITZg&n=2011042620 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBC355D8-C011-4193-AEED-5A122414DFFA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 22:32:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/11 21:58:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/11 21:58:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/11 21:58:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/11 21:58:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/11 21:57:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/11 21:56:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/11 21:54:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/11 21:53:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/03/11 20:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/11 15:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/03/11 15:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/11 15:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/11 15:11:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/11 15:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/10 19:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/10 19:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/10 19:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/03/10 13:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2012/03/06 21:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\American General
[2012/03/06 20:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Wells Fargo Student Loan
[2012/03/06 20:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Consumers Energy
[2012/02/29 22:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/02/29 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/29 19:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/29 08:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/02/26 12:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2011
[2012/02/26 12:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2011
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 06:20:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/03/12 06:17:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 06:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 06:06:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2288967359-2276481897-1919252991-1003.job
[2012/03/12 06:05:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 06:05:09 | 2548,617,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 05:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/11 22:33:04 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/03/11 19:39:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\np1o2m70.exe
[2012/03/11 19:14:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/11 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/03/11 15:11:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/11 09:16:32 | 000,444,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 09:16:32 | 000,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/10 21:30:53 | 000,005,299 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/10 20:59:52 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2012/03/10 20:59:52 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/10 20:59:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/03/06 08:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/05 20:46:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2288967359-2276481897-1919252991-1003.job
[2012/03/04 10:28:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2012/02/29 07:56:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 23:16:10 | 003,213,193 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2001-Chevrolet-Tahoe.pdf
[2012/02/26 12:48:29 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
[2012/02/19 19:31:00 | 000,000,670 | ---- | M] () -- C:\WINDOWS\tasks\SymInstallStub.job
[2012/02/19 17:31:39 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SymInstallStub.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 22:32:53 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/03/11 22:32:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/11 21:58:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/11 21:58:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/11 21:58:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/11 21:58:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/11 21:58:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/11 19:38:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\np1o2m70.exe
[2012/03/11 15:11:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/10 21:30:08 | 000,005,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/10 20:59:52 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2012/03/10 19:16:27 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/10 19:16:26 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/02/29 08:15:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/27 23:16:10 | 003,213,193 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2001-Chevrolet-Tahoe.pdf
[2012/02/26 12:48:29 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
[2012/02/19 17:31:39 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\SymInstallStub.lnk
[2012/02/19 17:31:39 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SymInstallStub.lnk
[2012/02/19 17:31:39 | 000,000,670 | ---- | C] () -- C:\WINDOWS\tasks\SymInstallStub.job
[2011/10/29 18:15:38 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/05/18 17:25:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 17:20:42 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/14 11:45:41 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/06 13:01:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011/02/06 12:58:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/02/06 12:58:30 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/12/24 01:03:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2010/11/21 19:24:35 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

========== Files - Unicode (All) ==========
[2009/09/12 14:46:19 | 000,032,256 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Franklin ?.doc) -- C:\Documents and Settings\Owner\My Documents\Franklin Δ.doc
[2008/09/25 21:44:58 | 000,032,256 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Franklin ?.doc) -- C:\Documents and Settings\Owner\My Documents\Franklin Δ.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:54 PM, on 3/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...GdaIy.K2_D1ITZg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &Search - ?s=100000345&p=ZLxdm256YYUS&si=1579&a=1wB9qIRGdaIy.K2_D1ITZg&n=2011042620
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10434 bytes

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-11 21:34:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort4 HDS722516VLAT20 rev.V34OA6MA
Running: 0z3y8f6h.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT 894DD188 ZwAlertResumeThread
SSDT 894DAA90 ZwAlertThread
SSDT 89FB64F0 ZwAllocateVirtualMemory
SSDT 894A9620 ZwAssignProcessToJobObject
SSDT 8A432E18 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA637D710]
SSDT 8A9E6078 ZwCreateMutant
SSDT 894BB888 ZwCreateSymbolicLinkObject
SSDT 894B3F50 ZwCreateThread
SSDT 894B5098 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA637D990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA637DEF0]
SSDT 895290F8 ZwDuplicateObject
SSDT 894B5498 ZwFreeVirtualMemory
SSDT 894DD1C0 ZwImpersonateAnonymousToken
SSDT 894C6690 ZwImpersonateThread
SSDT 8A444918 ZwLoadDriver
SSDT 894B53F8 ZwMapViewOfSection
SSDT 894CC2D8 ZwOpenEvent
SSDT 894B5858 ZwOpenProcess
SSDT 894E3930 ZwOpenProcessToken
SSDT 894BE640 ZwOpenSection
SSDT 894B57C8 ZwOpenThread
SSDT 894BB918 ZwProtectVirtualMemory
SSDT 894A5340 ZwResumeThread
SSDT 894A94D0 ZwSetContextThread
SSDT 894A7568 ZwSetInformationProcess
SSDT 8A5967F8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA637E140]
SSDT 8A012470 ZwSuspendProcess
SSDT 894CEF00 ZwSuspendThread
SSDT 894CAC08 ZwTerminateProcess
SSDT 894D5138 ZwTerminateThread
SSDT 894CAB18 ZwUnmapViewOfSection
SSDT 89FB6460 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xAC82E300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02E9000A
.text C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 02EA000A
.text C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 02EB000A
.text C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00D9000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1792] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1792] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1792] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1792] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 0527003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 052700F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016A5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 052703D2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 052701B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0527031C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 05270488
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 05270266

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T1L0-14 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T0L0-c 8A9CB2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP4T0L0-1f 8A9CB2C6

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Once again thank you, I hope I have done this correctly. Please advise me if I should be sending this in a different format.
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Tdub68 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you for your help. I went through your instructions you provided and below are the things you asked for. I also had an error occur when I was running TDSSKiller.exe. I included that as well. Thanks again for your help.


Error:
Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6b7c 4 75b6bf7c 75b6bf7c

Cancel Retry Continue

I chose continue a bunch of time until it finally continued.

Below is the TDSSKiller Log

18:08:47.0375 3800 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:08:48.0343 3800 ============================================================
18:08:48.0343 3800 Current date / time: 2012/03/12 18:08:48.0343
18:08:48.0343 3800 SystemInfo:
18:08:48.0343 3800
18:08:48.0343 3800 OS Version: 5.1.2600 ServicePack: 3.0
18:08:48.0343 3800 Product type: Workstation
18:08:48.0343 3800 ComputerName: TODD-PC
18:08:48.0343 3800 UserName: Owner
18:08:48.0343 3800 Windows directory: C:\WINDOWS
18:08:48.0343 3800 System windows directory: C:\WINDOWS
18:08:48.0343 3800 Processor architecture: Intel x86
18:08:48.0343 3800 Number of processors: 1
18:08:48.0343 3800 Page size: 0x1000
18:08:48.0343 3800 Boot type: Normal boot
18:08:48.0343 3800 ============================================================
18:08:50.0203 3800 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:08:50.0281 3800 \Device\Harddisk0\DR0:
18:08:50.0281 3800 MBR used
18:08:50.0281 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x781D6A, BlocksNum 0x12B3ED4C
18:08:50.0281 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x781D2B
18:08:50.0546 3800 Initialize success
18:08:50.0546 3800 ============================================================
18:09:39.0812 3276 ============================================================
18:09:39.0812 3276 Scan started
18:09:39.0812 3276 Mode: Manual; SigCheck; TDLFS;
18:09:39.0812 3276 ============================================================
18:09:40.0109 3276 Abiosdsk - ok
18:09:40.0171 3276 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:09:41.0609 3276 abp480n5 - ok
18:09:41.0765 3276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:09:41.0921 3276 ACPI - ok
18:09:42.0078 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:09:42.0234 3276 ACPIEC - ok
18:09:42.0500 3276 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:09:42.0640 3276 adpu160m - ok
18:09:42.0812 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:09:42.0953 3276 aec - ok
18:09:43.0109 3276 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:09:43.0156 3276 AFD - ok
18:09:43.0375 3276 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:09:43.0500 3276 agp440 - ok
18:09:43.0656 3276 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:09:43.0796 3276 agpCPQ - ok
18:09:43.0968 3276 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:09:44.0031 3276 Aha154x - ok
18:09:44.0187 3276 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:09:44.0328 3276 aic78u2 - ok
18:09:44.0484 3276 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:09:44.0640 3276 aic78xx - ok
18:09:44.0875 3276 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:09:45.0140 3276 ALCXWDM - ok
18:09:45.0359 3276 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:09:45.0500 3276 AliIde - ok
18:09:45.0656 3276 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:09:45.0781 3276 alim1541 - ok
18:09:45.0953 3276 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:09:46.0078 3276 amdagp - ok
18:09:46.0234 3276 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:09:46.0328 3276 amsint - ok
18:09:46.0515 3276 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:09:46.0640 3276 Arp1394 - ok
18:09:46.0781 3276 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:09:46.0937 3276 asc - ok
18:09:47.0093 3276 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:09:47.0140 3276 asc3350p - ok
18:09:47.0359 3276 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:09:47.0500 3276 asc3550 - ok
18:09:47.0671 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:09:47.0796 3276 AsyncMac - ok
18:09:47.0953 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:09:48.0062 3276 atapi - ok
18:09:48.0187 3276 Atdisk - ok
18:09:48.0296 3276 ati2mtag (dcd26b36ce305b718e2f1c56c19df668) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:09:48.0390 3276 ati2mtag - ok
18:09:48.0531 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:09:48.0656 3276 Atmarpc - ok
18:09:48.0812 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:09:48.0968 3276 audstub - ok
18:09:49.0125 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:09:49.0296 3276 Beep - ok
18:09:49.0500 3276 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
18:09:49.0562 3276 BHDrvx86 - ok
18:09:49.0750 3276 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:09:49.0906 3276 cbidf - ok
18:09:50.0062 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:09:50.0218 3276 cbidf2k - ok
18:09:50.0515 3276 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:09:50.0578 3276 cd20xrnt - ok
18:09:50.0750 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:09:50.0890 3276 Cdaudio - ok
18:09:51.0046 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:09:51.0171 3276 Cdfs - ok
18:09:51.0406 3276 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:09:51.0437 3276 Cdrom - ok
18:09:51.0562 3276 Changer - ok
18:09:51.0734 3276 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:09:51.0906 3276 CmdIde - ok
18:09:52.0093 3276 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:09:52.0281 3276 Cpqarray - ok
18:09:52.0453 3276 cpuz132 - ok
18:09:52.0640 3276 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:09:52.0796 3276 dac2w2k - ok
18:09:52.0953 3276 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:09:53.0109 3276 dac960nt - ok
18:09:53.0453 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:09:53.0578 3276 Disk - ok
18:09:53.0781 3276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:09:53.0953 3276 dmboot - ok
18:09:54.0109 3276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:09:54.0250 3276 dmio - ok
18:09:54.0406 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:09:54.0562 3276 dmload - ok
18:09:54.0718 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:09:54.0843 3276 DMusic - ok
18:09:55.0000 3276 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:09:55.0156 3276 dpti2o - ok
18:09:55.0343 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:09:55.0468 3276 drmkaud - ok
18:09:55.0640 3276 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:09:55.0656 3276 eeCtrl - ok
18:09:55.0828 3276 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:09:55.0828 3276 EraserUtilRebootDrv - ok
18:09:56.0015 3276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:09:56.0140 3276 Fastfat - ok
18:09:56.0375 3276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:09:56.0500 3276 Fdc - ok
18:09:56.0656 3276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:09:56.0781 3276 Fips - ok
18:09:56.0937 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:09:57.0062 3276 Flpydisk - ok
18:09:57.0234 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:09:57.0359 3276 FltMgr - ok
18:09:57.0531 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:09:57.0671 3276 Fs_Rec - ok
18:09:57.0843 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:09:58.0000 3276 Ftdisk - ok
18:09:58.0156 3276 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:09:58.0156 3276 GEARAspiWDM - ok
18:09:58.0328 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:09:58.0453 3276 Gpc - ok
18:09:58.0625 3276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:09:58.0750 3276 HidUsb - ok
18:09:58.0937 3276 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:09:59.0078 3276 hpn - ok
18:09:59.0265 3276 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:09:59.0312 3276 HSFHWBS2 - ok
18:09:59.0515 3276 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:09:59.0625 3276 HSF_DP - ok
18:09:59.0781 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:09:59.0828 3276 HTTP - ok
18:09:59.0984 3276 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:10:00.0109 3276 i2omgmt - ok
18:10:00.0296 3276 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:10:00.0421 3276 i2omp - ok
18:10:00.0578 3276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:10:00.0703 3276 i8042prt - ok
18:10:00.0921 3276 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSxpx86.sys
18:10:00.0937 3276 IDSxpx86 - ok
18:10:01.0109 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:10:01.0234 3276 Imapi - ok
18:10:01.0421 3276 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:10:01.0578 3276 ini910u - ok
18:10:01.0734 3276 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:10:01.0859 3276 IntelIde - ok
18:10:02.0046 3276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:10:02.0156 3276 Ip6Fw - ok
18:10:02.0359 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:10:02.0515 3276 IpFilterDriver - ok
18:10:02.0656 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:10:02.0765 3276 IpInIp - ok
18:10:02.0937 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:10:03.0078 3276 IpNat - ok
18:10:03.0250 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:10:03.0390 3276 IPSec - ok
18:10:03.0531 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:10:03.0656 3276 IRENUM - ok
18:10:03.0812 3276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:10:03.0953 3276 isapnp - ok
18:10:04.0109 3276 jbridgep - ok
18:10:04.0281 3276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:10:04.0406 3276 Kbdclass - ok
18:10:04.0578 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:10:04.0687 3276 kmixer - ok
18:10:04.0859 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:10:04.0906 3276 KSecDD - ok
18:10:05.0281 3276 lbrtfdc - ok
18:10:05.0468 3276 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:10:05.0500 3276 mdmxsdk - ok
18:10:05.0671 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:10:05.0812 3276 mnmdd - ok
18:10:05.0984 3276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:10:06.0109 3276 Modem - ok
18:10:06.0281 3276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:10:06.0421 3276 Mouclass - ok
18:10:06.0578 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:10:06.0718 3276 MountMgr - ok
18:10:06.0875 3276 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:10:07.0031 3276 mraid35x - ok
18:10:07.0187 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:10:07.0312 3276 MRxDAV - ok
18:10:07.0484 3276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:10:07.0562 3276 MRxSmb - ok
18:10:07.0718 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:10:07.0843 3276 Msfs - ok
18:10:08.0000 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:10:08.0125 3276 MSKSSRV - ok
18:10:08.0328 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:10:08.0453 3276 MSPCLOCK - ok
18:10:08.0593 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:10:08.0718 3276 MSPQM - ok
18:10:08.0875 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:10:09.0000 3276 mssmbios - ok
18:10:09.0203 3276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:10:09.0265 3276 Mup - ok
18:10:09.0437 3276 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
18:10:09.0578 3276 mxnic - ok
18:10:09.0765 3276 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120312.003\NAVENG.SYS
18:10:09.0765 3276 NAVENG - ok
18:10:10.0031 3276 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120312.003\NAVEX15.SYS
18:10:10.0140 3276 NAVEX15 - ok
18:10:10.0343 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:10:10.0484 3276 NDIS - ok
18:10:10.0640 3276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:10:10.0671 3276 NdisTapi - ok
18:10:10.0828 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:10:10.0953 3276 Ndisuio - ok
18:10:11.0125 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:10:11.0265 3276 NdisWan - ok
18:10:11.0421 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:10:11.0453 3276 NDProxy - ok
18:10:11.0625 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:10:11.0750 3276 NetBIOS - ok
18:10:11.0906 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:10:12.0031 3276 NetBT - ok
18:10:12.0218 3276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:10:12.0359 3276 NIC1394 - ok
18:10:12.0531 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:10:12.0640 3276 Npfs - ok
18:10:12.0828 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:10:12.0968 3276 Ntfs - ok
18:10:13.0125 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:10:13.0312 3276 Null - ok
18:10:13.0578 3276 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:10:13.0859 3276 nv - ok
18:10:14.0015 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:10:14.0171 3276 NwlnkFlt - ok
18:10:14.0468 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:10:14.0625 3276 NwlnkFwd - ok
18:10:14.0796 3276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:10:14.0921 3276 ohci1394 - ok
18:10:15.0078 3276 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
18:10:15.0218 3276 P3 - ok
18:10:15.0437 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:10:15.0562 3276 Parport - ok
18:10:15.0718 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:10:15.0843 3276 PartMgr - ok
18:10:15.0984 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:10:16.0140 3276 ParVdm - ok
18:10:16.0406 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:10:16.0531 3276 PCI - ok
18:10:16.0656 3276 PCIDump - ok
18:10:16.0718 3276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:10:16.0875 3276 PCIIde - ok
18:10:17.0031 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:10:17.0140 3276 Pcmcia - ok
18:10:17.0328 3276 PDCOMP - ok
18:10:17.0453 3276 PDFRAME - ok
18:10:17.0484 3276 PDRELI - ok
18:10:17.0609 3276 PDRFRAME - ok
18:10:17.0656 3276 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:10:17.0812 3276 perc2 - ok
18:10:17.0968 3276 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:10:18.0140 3276 perc2hib - ok
18:10:18.0421 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:10:18.0546 3276 PptpMiniport - ok
18:10:18.0703 3276 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:10:18.0828 3276 Processor - ok
18:10:19.0000 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:10:19.0125 3276 PSched - ok
18:10:19.0312 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:10:19.0468 3276 Ptilink - ok
18:10:19.0625 3276 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:10:19.0640 3276 PxHelp20 - ok
18:10:19.0796 3276 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:10:19.0968 3276 ql1080 - ok
18:10:20.0109 3276 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:10:20.0281 3276 Ql10wnt - ok
18:10:20.0437 3276 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:10:20.0593 3276 ql12160 - ok
18:10:20.0750 3276 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:10:20.0906 3276 ql1240 - ok
18:10:21.0062 3276 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:10:21.0234 3276 ql1280 - ok
18:10:21.0421 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:10:21.0578 3276 RasAcd - ok
18:10:21.0750 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:10:21.0859 3276 Rasl2tp - ok
18:10:22.0015 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:10:22.0140 3276 RasPppoe - ok
18:10:22.0328 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:10:22.0500 3276 Raspti - ok
18:10:22.0671 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:10:22.0796 3276 Rdbss - ok
18:10:22.0953 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:10:23.0109 3276 RDPCDD - ok
18:10:23.0390 3276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:10:23.0515 3276 rdpdr - ok
18:10:23.0687 3276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:10:23.0734 3276 RDPWD - ok
18:10:23.0890 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:10:24.0046 3276 redbook - ok
18:10:24.0187 3276 RTL8023xp (223d721e1334425df479b58123c9e886) C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
18:10:24.0218 3276 RTL8023xp - ok
18:10:24.0406 3276 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:10:24.0531 3276 rtl8139 - ok
18:10:24.0718 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:10:24.0859 3276 Secdrv - ok
18:10:25.0031 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:10:25.0156 3276 serenum - ok
18:10:25.0531 3276 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:10:25.0656 3276 Serial - ok
18:10:25.0828 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:10:25.0953 3276 Sfloppy - ok
18:10:26.0125 3276 Simbad - ok
18:10:26.0484 3276 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:10:26.0609 3276 sisagp - ok
18:10:26.0765 3276 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:10:26.0828 3276 Sparrow - ok
18:10:26.0984 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:10:27.0125 3276 splitter - ok
18:10:27.0484 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:10:27.0671 3276 sr - ok
18:10:27.0859 3276 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
18:10:27.0890 3276 SRTSP - ok
18:10:28.0062 3276 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
18:10:28.0062 3276 SRTSPX - ok
18:10:28.0250 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:10:28.0421 3276 Srv - ok
18:10:28.0562 3276 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:10:28.0578 3276 sscdbus - ok
18:10:28.0734 3276 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:10:28.0734 3276 sscdmdfl - ok
18:10:28.0875 3276 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:10:28.0890 3276 sscdmdm - ok
18:10:29.0109 3276 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:10:29.0140 3276 sscdserd - ok
18:10:29.0453 3276 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
18:10:29.0453 3276 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
18:10:29.0453 3276 SunkFilt - detected UnsignedFile.Multi.Generic (1)
18:10:29.0671 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:10:29.0812 3276 swenum - ok
18:10:29.0953 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:10:30.0078 3276 swmidi - ok
18:10:30.0265 3276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:10:30.0406 3276 symc810 - ok
18:10:30.0562 3276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:10:30.0750 3276 symc8xx - ok
18:10:30.0921 3276 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
18:10:30.0953 3276 SymDS - ok
18:10:31.0140 3276 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
18:10:31.0203 3276 SymEFA - ok
18:10:31.0500 3276 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:10:31.0531 3276 SymEvent - ok
18:10:31.0781 3276 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
18:10:31.0796 3276 SymIRON - ok
18:10:32.0015 3276 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
18:10:32.0046 3276 SYMTDI - ok
18:10:32.0203 3276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:10:32.0375 3276 sym_hi - ok
18:10:32.0703 3276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:10:32.0859 3276 sym_u3 - ok
18:10:33.0015 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:10:33.0156 3276 sysaudio - ok
18:10:33.0437 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:10:33.0531 3276 Tcpip - ok
18:10:33.0671 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:10:33.0796 3276 TDPIPE - ok
18:10:33.0953 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:10:34.0109 3276 TDTCP - ok
18:10:34.0296 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:10:34.0531 3276 TermDD - ok
18:10:34.0875 3276 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:10:35.0031 3276 TosIde - ok
18:10:35.0203 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:10:35.0343 3276 Udfs - ok
18:10:35.0468 3276 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:10:35.0546 3276 ultra - ok
18:10:35.0828 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:10:36.0062 3276 Update - ok
18:10:36.0281 3276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:10:36.0406 3276 USBAAPL - ok
18:10:36.0562 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:10:36.0687 3276 usbccgp - ok
18:10:36.0859 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:10:36.0984 3276 usbehci - ok
18:10:37.0140 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:10:37.0296 3276 usbhub - ok
18:10:37.0468 3276 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:10:37.0593 3276 usbohci - ok
18:10:37.0765 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:10:37.0906 3276 usbprint - ok
18:10:38.0125 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:10:38.0281 3276 usbscan - ok
18:10:38.0562 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:10:38.0718 3276 USBSTOR - ok
18:10:39.0031 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:10:39.0171 3276 usbuhci - ok
18:10:39.0656 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:10:39.0812 3276 VgaSave - ok
18:10:40.0093 3276 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:10:40.0250 3276 viaagp - ok
18:10:40.0562 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:10:40.0687 3276 ViaIde - ok
18:10:40.0859 3276 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\WINDOWS\system32\Drivers\vmwvusb.sys
18:10:40.0875 3276 vmwvusb - ok
18:10:41.0031 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:10:41.0156 3276 VolSnap - ok
18:10:41.0546 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:10:41.0671 3276 Wanarp - ok
18:10:41.0843 3276 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:10:41.0875 3276 wanatw - ok
18:10:42.0046 3276 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:10:42.0078 3276 Wdf01000 - ok
18:10:42.0187 3276 WDICA - ok
18:10:42.0359 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:10:42.0546 3276 wdmaud - ok
18:10:42.0718 3276 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:10:42.0812 3276 winachsf - ok
18:10:43.0093 3276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:10:43.0265 3276 WS2IFSL - ok
18:10:43.0578 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:10:43.0625 3276 WudfPf - ok
18:10:43.0781 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:10:43.0812 3276 WudfRd - ok
18:10:43.0843 3276 MBR (0x1B8) (6c6d144f827d7eaa303e8f77bd248ea8) \Device\Harddisk0\DR0
18:10:43.0859 3276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:10:43.0859 3276 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:10:43.0890 3276 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:10:43.0890 3276 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:10:43.0921 3276 Boot (0x1200) (61605476e4d25a16bc967c1205e4690a) \Device\Harddisk0\DR0\Partition0
18:10:43.0921 3276 \Device\Harddisk0\DR0\Partition0 - ok
18:10:43.0921 3276 Boot (0x1200) (1be64efdf209316ccdd7038143c0d284) \Device\Harddisk0\DR0\Partition1
18:10:43.0937 3276 \Device\Harddisk0\DR0\Partition1 - ok
18:10:43.0937 3276 ============================================================
18:10:43.0937 3276 Scan finished
18:10:43.0937 3276 ============================================================
18:10:44.0062 3216 Detected object count: 3
18:10:44.0062 3216 Actual detected object count: 3
18:12:51.0656 3216 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:51.0656 3216 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:51.0718 3216 \Device\Harddisk0\DR0\# - copied to quarantine
18:12:51.0718 3216 \Device\Harddisk0\DR0 - copied to quarantine
18:12:51.0812 3216 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:12:51.0843 3216 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:12:51.0859 3216 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:12:51.0859 3216 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:12:51.0859 3216 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:12:51.0875 3216 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:12:51.0875 3216 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:12:51.0906 3216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:12:51.0906 3216 \Device\Harddisk0\DR0 - ok
18:14:31.0515 3216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:14:31.0531 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:14:31.0531 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:14:42.0500 0380 Deinitialize success

I will put the aswMBR log in another post.

Thanks,
TDUB
  • 0

#4
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello again,

I wasn't sure if you wanted the file attached as a Zip or just a copy posted to this so I included both.

Thanks again for all your help.

aswMBR log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 18:23:25
-----------------------------
18:23:25.843 OS Version: Windows 5.1.2600 Service Pack 3
18:23:25.843 Number of processors: 1 586 0x1F00
18:23:25.843 ComputerName: TODD-PC UserName: Owner
18:23:27.359 Initialize success
18:29:38.453 AVAST engine defs: 12031200
18:29:44.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
18:29:44.468 Disk 0 Vendor: HDS722516VLAT20 V34OA6MA Size: 157066MB BusType: 3
18:29:44.484 Disk 0 MBR read successfully
18:29:44.484 Disk 0 MBR scan
18:29:44.546 Disk 0 unknown MBR code
18:29:44.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 153213 MB offset 7871850
18:29:44.562 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3843 MB offset 63
18:29:44.562 Disk 0 scanning sectors +321653430
18:29:44.656 Disk 0 scanning C:\WINDOWS\system32\drivers
18:29:58.406 Service scanning
18:30:33.281 Modules scanning
18:30:53.375 Disk 0 trace - called modules:
18:30:53.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:30:53.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab1dab8]
18:30:53.734 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8ab1e9e8]
18:30:53.734 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1f[0x8ab12940]
18:30:54.437 AVAST engine scan C:\WINDOWS
18:31:09.421 AVAST engine scan C:\WINDOWS\system32
18:34:27.312 AVAST engine scan C:\WINDOWS\system32\drivers
18:34:46.015 AVAST engine scan C:\Documents and Settings\Owner
18:46:21.890 AVAST engine scan C:\Documents and Settings\All Users
18:55:54.343 Scan finished successfully
19:05:06.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:05:06.437 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Attached Files


  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tdub68,

I also had an error occur when I was running TDSSKiller.exe. I included that as well.


This was probably generated by malware when we tried to remove it.

Step 1

Please try to run TDSSKiller one more time and post log. I need to see what's left behind after first run.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe &amp; follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Step 3

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#6
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello maliprog,

I did a few test after running these two programs. I am not getting redirected anymore. Everything seems to be running great. Thank you so much I really appreciate it. Now, I included the one log below and I will be sending you the other log in another post. After you look at everything and if it looks good how do I stop this from happening again? I have Norton 360 as for viruses. Should I be running something else? Once again thank you so much for your help.


TDSSKiller Log:

17:55:36.0687 1124 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:55:38.0156 1124 ============================================================
17:55:38.0156 1124 Current date / time: 2012/03/13 17:55:38.0156
17:55:38.0156 1124 SystemInfo:
17:55:38.0156 1124
17:55:38.0156 1124 OS Version: 5.1.2600 ServicePack: 3.0
17:55:38.0156 1124 Product type: Workstation
17:55:38.0156 1124 ComputerName: TODD-PC
17:55:38.0156 1124 UserName: Owner
17:55:38.0156 1124 Windows directory: C:\WINDOWS
17:55:38.0156 1124 System windows directory: C:\WINDOWS
17:55:38.0156 1124 Processor architecture: Intel x86
17:55:38.0156 1124 Number of processors: 1
17:55:38.0156 1124 Page size: 0x1000
17:55:38.0156 1124 Boot type: Normal boot
17:55:38.0156 1124 ============================================================
17:55:40.0875 1124 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:55:40.0937 1124 \Device\Harddisk0\DR0:
17:55:40.0953 1124 MBR used
17:55:40.0953 1124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x781D6A, BlocksNum 0x12B3ED4C
17:55:40.0953 1124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x781D2B
17:55:41.0156 1124 Initialize success
17:55:41.0156 1124 ============================================================
17:55:49.0421 3144 ============================================================
17:55:49.0421 3144 Scan started
17:55:49.0421 3144 Mode: Manual; SigCheck; TDLFS;
17:55:49.0421 3144 ============================================================
17:55:49.0750 3144 Abiosdsk - ok
17:55:49.0906 3144 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:55:52.0062 3144 abp480n5 - ok
17:55:52.0218 3144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:52.0375 3144 ACPI - ok
17:55:52.0515 3144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:55:52.0656 3144 ACPIEC - ok
17:55:52.0812 3144 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:55:52.0968 3144 adpu160m - ok
17:55:53.0125 3144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:55:53.0312 3144 aec - ok
17:55:53.0484 3144 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:55:53.0531 3144 AFD - ok
17:55:53.0765 3144 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:55:53.0906 3144 agp440 - ok
17:55:54.0171 3144 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:55:54.0296 3144 agpCPQ - ok
17:55:54.0515 3144 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:55:54.0609 3144 Aha154x - ok
17:55:54.0765 3144 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:55:54.0937 3144 aic78u2 - ok
17:55:55.0109 3144 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:55:55.0234 3144 aic78xx - ok
17:55:55.0968 3144 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:55:57.0203 3144 ALCXWDM - ok
17:55:57.0390 3144 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:55:57.0546 3144 AliIde - ok
17:55:57.0796 3144 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:55:57.0937 3144 alim1541 - ok
17:55:58.0187 3144 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:55:58.0312 3144 amdagp - ok
17:55:58.0546 3144 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:55:58.0609 3144 amsint - ok
17:55:58.0781 3144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:55:58.0906 3144 Arp1394 - ok
17:55:59.0234 3144 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:55:59.0421 3144 asc - ok
17:55:59.0687 3144 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:55:59.0765 3144 asc3350p - ok
17:56:00.0015 3144 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:56:00.0218 3144 asc3550 - ok
17:56:00.0375 3144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:56:00.0500 3144 AsyncMac - ok
17:56:00.0671 3144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:56:00.0796 3144 atapi - ok
17:56:00.0921 3144 Atdisk - ok
17:56:01.0437 3144 ati2mtag (dcd26b36ce305b718e2f1c56c19df668) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:56:01.0546 3144 ati2mtag - ok
17:56:01.0734 3144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:56:01.0875 3144 Atmarpc - ok
17:56:02.0109 3144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:56:02.0296 3144 audstub - ok
17:56:02.0531 3144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:56:02.0687 3144 Beep - ok
17:56:02.0953 3144 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
17:56:03.0093 3144 BHDrvx86 - ok
17:56:03.0312 3144 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:56:03.0484 3144 cbidf - ok
17:56:03.0656 3144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:56:03.0812 3144 cbidf2k - ok
17:56:04.0015 3144 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:56:04.0125 3144 cd20xrnt - ok
17:56:04.0406 3144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:56:04.0562 3144 Cdaudio - ok
17:56:04.0765 3144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:56:04.0906 3144 Cdfs - ok
17:56:05.0187 3144 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:56:05.0250 3144 Cdrom - ok
17:56:05.0421 3144 Changer - ok
17:56:05.0656 3144 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:56:05.0875 3144 CmdIde - ok
17:56:06.0062 3144 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:56:06.0234 3144 Cpqarray - ok
17:56:06.0546 3144 cpuz132 - ok
17:56:06.0812 3144 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:56:06.0984 3144 dac2w2k - ok
17:56:07.0218 3144 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:56:07.0390 3144 dac960nt - ok
17:56:07.0640 3144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:56:07.0781 3144 Disk - ok
17:56:08.0156 3144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:56:08.0546 3144 dmboot - ok
17:56:08.0781 3144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:56:08.0921 3144 dmio - ok
17:56:09.0250 3144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:56:09.0421 3144 dmload - ok
17:56:09.0687 3144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:56:09.0828 3144 DMusic - ok
17:56:10.0078 3144 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:56:10.0234 3144 dpti2o - ok
17:56:10.0437 3144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:56:10.0562 3144 drmkaud - ok
17:56:10.0718 3144 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:56:10.0765 3144 eeCtrl - ok
17:56:10.0937 3144 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:56:10.0937 3144 EraserUtilRebootDrv - ok
17:56:11.0312 3144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:56:11.0468 3144 Fastfat - ok
17:56:11.0656 3144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:56:11.0781 3144 Fdc - ok
17:56:12.0078 3144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:56:12.0203 3144 Fips - ok
17:56:12.0359 3144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:56:12.0500 3144 Flpydisk - ok
17:56:12.0703 3144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:56:12.0828 3144 FltMgr - ok
17:56:13.0078 3144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:56:13.0250 3144 Fs_Rec - ok
17:56:13.0484 3144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:56:13.0687 3144 Ftdisk - ok
17:56:13.0968 3144 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:56:14.0015 3144 GEARAspiWDM - ok
17:56:14.0390 3144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:56:14.0500 3144 Gpc - ok
17:56:14.0765 3144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:56:14.0921 3144 HidUsb - ok
17:56:15.0171 3144 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:56:15.0312 3144 hpn - ok
17:56:15.0562 3144 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
17:56:15.0656 3144 HSFHWBS2 - ok
17:56:15.0968 3144 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:56:16.0328 3144 HSF_DP - ok
17:56:16.0578 3144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:56:16.0640 3144 HTTP - ok
17:56:16.0859 3144 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:56:17.0000 3144 i2omgmt - ok
17:56:17.0203 3144 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:56:17.0421 3144 i2omp - ok
17:56:17.0640 3144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:56:17.0765 3144 i8042prt - ok
17:56:18.0015 3144 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120310.001\IDSxpx86.sys
17:56:18.0046 3144 IDSxpx86 - ok
17:56:18.0203 3144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:56:18.0343 3144 Imapi - ok
17:56:18.0531 3144 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:56:18.0687 3144 ini910u - ok
17:56:18.0875 3144 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:56:19.0000 3144 IntelIde - ok
17:56:19.0203 3144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:56:19.0343 3144 Ip6Fw - ok
17:56:19.0593 3144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:56:19.0750 3144 IpFilterDriver - ok
17:56:19.0968 3144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:56:20.0109 3144 IpInIp - ok
17:56:20.0484 3144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:56:20.0625 3144 IpNat - ok
17:56:20.0921 3144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:56:21.0062 3144 IPSec - ok
17:56:21.0250 3144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:56:21.0375 3144 IRENUM - ok
17:56:21.0625 3144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:56:21.0750 3144 isapnp - ok
17:56:22.0234 3144 jbridgep - ok
17:56:22.0468 3144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:56:22.0609 3144 Kbdclass - ok
17:56:23.0000 3144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:56:23.0343 3144 kmixer - ok
17:56:23.0687 3144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:56:23.0859 3144 KSecDD - ok
17:56:24.0125 3144 lbrtfdc - ok
17:56:24.0468 3144 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:56:24.0515 3144 mdmxsdk - ok
17:56:24.0734 3144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:56:24.0890 3144 mnmdd - ok
17:56:25.0140 3144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:56:25.0265 3144 Modem - ok
17:56:25.0515 3144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:56:25.0656 3144 Mouclass - ok
17:56:25.0843 3144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:56:25.0968 3144 MountMgr - ok
17:56:26.0187 3144 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:56:26.0359 3144 mraid35x - ok
17:56:26.0609 3144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:56:26.0734 3144 MRxDAV - ok
17:56:27.0062 3144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:56:27.0156 3144 MRxSmb - ok
17:56:27.0390 3144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:56:27.0515 3144 Msfs - ok
17:56:27.0703 3144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:56:27.0859 3144 MSKSSRV - ok
17:56:28.0046 3144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:56:28.0203 3144 MSPCLOCK - ok
17:56:28.0453 3144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:56:28.0562 3144 MSPQM - ok
17:56:28.0843 3144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:56:28.0968 3144 mssmbios - ok
17:56:29.0250 3144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:56:29.0312 3144 Mup - ok
17:56:29.0531 3144 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
17:56:29.0703 3144 mxnic - ok
17:56:29.0984 3144 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120312.035\NAVENG.SYS
17:56:30.0000 3144 NAVENG - ok
17:56:30.0546 3144 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120312.035\NAVEX15.SYS
17:56:30.0640 3144 NAVEX15 - ok
17:56:30.0828 3144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:56:30.0953 3144 NDIS - ok
17:56:31.0125 3144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:56:31.0187 3144 NdisTapi - ok
17:56:31.0343 3144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:56:31.0468 3144 Ndisuio - ok
17:56:31.0625 3144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:56:31.0750 3144 NdisWan - ok
17:56:31.0906 3144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:56:31.0953 3144 NDProxy - ok
17:56:32.0156 3144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:56:32.0281 3144 NetBIOS - ok
17:56:32.0437 3144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:56:32.0562 3144 NetBT - ok
17:56:32.0750 3144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:56:32.0875 3144 NIC1394 - ok
17:56:33.0078 3144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:56:33.0218 3144 Npfs - ok
17:56:33.0421 3144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:56:33.0562 3144 Ntfs - ok
17:56:33.0812 3144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:56:33.0968 3144 Null - ok
17:56:34.0375 3144 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:56:34.0906 3144 nv - ok
17:56:35.0125 3144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:56:35.0296 3144 NwlnkFlt - ok
17:56:35.0531 3144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:56:35.0687 3144 NwlnkFwd - ok
17:56:35.0875 3144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:56:36.0031 3144 ohci1394 - ok
17:56:36.0343 3144 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:56:36.0468 3144 P3 - ok
17:56:36.0718 3144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:56:36.0875 3144 Parport - ok
17:56:37.0156 3144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:56:37.0296 3144 PartMgr - ok
17:56:37.0546 3144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:56:37.0703 3144 ParVdm - ok
17:56:37.0921 3144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:56:38.0031 3144 PCI - ok
17:56:38.0250 3144 PCIDump - ok
17:56:38.0406 3144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:56:38.0562 3144 PCIIde - ok
17:56:38.0781 3144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:56:38.0921 3144 Pcmcia - ok
17:56:39.0156 3144 PDCOMP - ok
17:56:39.0375 3144 PDFRAME - ok
17:56:39.0515 3144 PDRELI - ok
17:56:39.0781 3144 PDRFRAME - ok
17:56:39.0968 3144 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:56:40.0125 3144 perc2 - ok
17:56:40.0296 3144 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:56:40.0468 3144 perc2hib - ok
17:56:40.0703 3144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:56:40.0828 3144 PptpMiniport - ok
17:56:41.0109 3144 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:56:41.0234 3144 Processor - ok
17:56:41.0515 3144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:56:41.0687 3144 PSched - ok
17:56:41.0953 3144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:56:42.0109 3144 Ptilink - ok
17:56:42.0250 3144 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:56:42.0265 3144 PxHelp20 - ok
17:56:42.0421 3144 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:56:42.0578 3144 ql1080 - ok
17:56:42.0734 3144 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:56:43.0109 3144 Ql10wnt - ok
17:56:43.0250 3144 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:56:43.0437 3144 ql12160 - ok
17:56:43.0593 3144 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:56:43.0750 3144 ql1240 - ok
17:56:43.0890 3144 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:56:44.0046 3144 ql1280 - ok
17:56:44.0312 3144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:56:44.0468 3144 RasAcd - ok
17:56:44.0703 3144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:56:44.0828 3144 Rasl2tp - ok
17:56:45.0109 3144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:56:45.0250 3144 RasPppoe - ok
17:56:45.0515 3144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:56:45.0671 3144 Raspti - ok
17:56:45.0937 3144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:56:46.0062 3144 Rdbss - ok
17:56:46.0265 3144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:56:46.0421 3144 RDPCDD - ok
17:56:46.0640 3144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:56:46.0765 3144 rdpdr - ok
17:56:47.0031 3144 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:56:47.0093 3144 RDPWD - ok
17:56:47.0312 3144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:56:47.0453 3144 redbook - ok
17:56:47.0750 3144 RTL8023xp (223d721e1334425df479b58123c9e886) C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
17:56:47.0812 3144 RTL8023xp - ok
17:56:48.0000 3144 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:56:48.0093 3144 rtl8139 - ok
17:56:48.0328 3144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:56:48.0468 3144 Secdrv - ok
17:56:48.0734 3144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:56:48.0859 3144 serenum - ok
17:56:49.0093 3144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:56:49.0218 3144 Serial - ok
17:56:49.0468 3144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:49.0593 3144 Sfloppy - ok
17:56:49.0781 3144 Simbad - ok
17:56:49.0984 3144 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:56:50.0109 3144 sisagp - ok
17:56:50.0296 3144 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:56:50.0375 3144 Sparrow - ok
17:56:50.0593 3144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:56:50.0703 3144 splitter - ok
17:56:50.0890 3144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:51.0031 3144 sr - ok
17:56:51.0312 3144 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
17:56:51.0375 3144 SRTSP - ok
17:56:51.0546 3144 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
17:56:51.0625 3144 SRTSPX - ok
17:56:51.0828 3144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:52.0093 3144 Srv - ok
17:56:52.0250 3144 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
17:56:52.0343 3144 sscdbus - ok
17:56:52.0593 3144 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
17:56:52.0609 3144 sscdmdfl - ok
17:56:52.0828 3144 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
17:56:52.0843 3144 sscdmdm - ok
17:56:53.0093 3144 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
17:56:53.0125 3144 sscdserd - ok
17:56:53.0390 3144 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:56:53.0390 3144 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
17:56:53.0390 3144 SunkFilt - detected UnsignedFile.Multi.Generic (1)
17:56:53.0562 3144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:53.0687 3144 swenum - ok
17:56:53.0968 3144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:56:54.0093 3144 swmidi - ok
17:56:54.0343 3144 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:56:54.0484 3144 symc810 - ok
17:56:54.0734 3144 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:56:54.0906 3144 symc8xx - ok
17:56:55.0171 3144 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
17:56:55.0203 3144 SymDS - ok
17:56:55.0390 3144 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
17:56:55.0453 3144 SymEFA - ok
17:56:55.0609 3144 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:56:55.0625 3144 SymEvent - ok
17:56:55.0796 3144 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
17:56:55.0812 3144 SymIRON - ok
17:56:56.0000 3144 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
17:56:56.0031 3144 SYMTDI - ok
17:56:56.0203 3144 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:56:56.0359 3144 sym_hi - ok
17:56:56.0515 3144 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:56:56.0671 3144 sym_u3 - ok
17:56:56.0875 3144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:57.0015 3144 sysaudio - ok
17:56:57.0296 3144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:57.0406 3144 Tcpip - ok
17:56:57.0578 3144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:57.0718 3144 TDPIPE - ok
17:56:57.0875 3144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:58.0015 3144 TDTCP - ok
17:56:58.0234 3144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:58.0359 3144 TermDD - ok
17:56:58.0640 3144 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:56:58.0796 3144 TosIde - ok
17:56:59.0078 3144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:59.0203 3144 Udfs - ok
17:56:59.0375 3144 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:56:59.0453 3144 ultra - ok
17:56:59.0781 3144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:59.0937 3144 Update - ok
17:57:00.0171 3144 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:57:00.0250 3144 USBAAPL - ok
17:57:00.0453 3144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:57:00.0578 3144 usbccgp - ok
17:57:00.0843 3144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:57:00.0968 3144 usbehci - ok
17:57:01.0187 3144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:57:01.0312 3144 usbhub - ok
17:57:01.0562 3144 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:57:01.0687 3144 usbohci - ok
17:57:01.0921 3144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:57:02.0078 3144 usbprint - ok
17:57:02.0328 3144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:57:02.0437 3144 usbscan - ok
17:57:02.0640 3144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:57:02.0781 3144 USBSTOR - ok
17:57:03.0046 3144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:57:03.0156 3144 usbuhci - ok
17:57:03.0375 3144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:57:03.0531 3144 VgaSave - ok
17:57:03.0687 3144 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:57:03.0843 3144 viaagp - ok
17:57:04.0078 3144 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:57:04.0203 3144 ViaIde - ok
17:57:04.0406 3144 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\WINDOWS\system32\Drivers\vmwvusb.sys
17:57:04.0406 3144 vmwvusb - ok
17:57:04.0593 3144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:57:04.0703 3144 VolSnap - ok
17:57:04.0875 3144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:57:05.0000 3144 Wanarp - ok
17:57:05.0250 3144 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:57:05.0281 3144 wanatw - ok
17:57:05.0500 3144 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:57:05.0546 3144 Wdf01000 - ok
17:57:05.0734 3144 WDICA - ok
17:57:05.0953 3144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:57:06.0078 3144 wdmaud - ok
17:57:06.0343 3144 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:57:06.0453 3144 winachsf - ok
17:57:06.0750 3144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:57:06.0906 3144 WS2IFSL - ok
17:57:07.0156 3144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:57:07.0203 3144 WudfPf - ok
17:57:07.0453 3144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:57:07.0468 3144 WudfRd - ok
17:57:07.0500 3144 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
17:57:07.0562 3144 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:57:07.0562 3144 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:57:07.0593 3144 Boot (0x1200) (61605476e4d25a16bc967c1205e4690a) \Device\Harddisk0\DR0\Partition0
17:57:07.0593 3144 \Device\Harddisk0\DR0\Partition0 - ok
17:57:07.0593 3144 Boot (0x1200) (1be64efdf209316ccdd7038143c0d284) \Device\Harddisk0\DR0\Partition1
17:57:07.0593 3144 \Device\Harddisk0\DR0\Partition1 - ok
17:57:07.0593 3144 ============================================================
17:57:07.0593 3144 Scan finished
17:57:07.0593 3144 ============================================================
17:57:07.0750 3124 Detected object count: 2
17:57:07.0750 3124 Actual detected object count: 2
17:58:07.0250 3124 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:07.0250 3124 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:07.0250 3124 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:58:07.0250 3124 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:58:15.0578 2768 Deinitialize success
  • 0

#7
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the ComboFix Log as well. Thanks,

ComboFix 12-03-13.01 - Owner 03/13/2012 18:11:46.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2430.1863 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\SPL6E.tmp
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\searchplugins\bing-zugo.xml
c:\documents and settings\Owner\My Documents\~WRL0167.tmp
c:\documents and settings\Owner\My Documents\~WRL2113.tmp
c:\documents and settings\Owner\My Documents\~WRL2575.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET65.tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 10:06 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-13 10:06 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-12 22:12 . 2012-03-12 22:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-11 19:12 . 2012-03-11 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-03-11 19:11 . 2012-03-11 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-11 19:11 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 19:11 . 2012-03-11 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 23:16 . 2012-03-11 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-10 23:16 . 2012-03-11 01:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\windows\system32\N360_BACKUP
2012-02-26 16:47 . 2012-02-26 16:48 -------- d-----w- c:\program files\HRBlock2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-26 16:12 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2012-02-20 02:20 . 2011-04-01 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-04-27 357376]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-04-27 00:32 1534976 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-27 1534976]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-27 1534976]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
run_startmenu.cmd [2004-10-11 45]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 11:10 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [1/30/2012 11:10 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [3/2/2012 2:58 PM 820856]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [1/30/2012 11:10 PM 136312]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [1/30/2012 11:10 PM 130008]
R2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2/18/2011 7:37 PM 494192]
R2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2/18/2011 7:38 PM 793200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2012 9:15 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120310.001\IDSXpx86.sys [3/12/2012 9:42 PM 356280]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [12/7/2011 9:43 PM 39984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 7:51 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 7:51 PM 135664]
S3 jbridgep;jbridgep;\??\c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 15:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 23:51]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 23:51]
.
2009-09-12 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 09:42]
.
2012-03-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2288967359-2276481897-1919252991-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2288967359-2276481897-1919252991-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZLxdm256YYUS&ptb=1wB9qIRGdaIy.K2_D1ITZg
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm256YYUS&ptnrS=ZLxdm256YYUS&si=1579&ptb=1wB9qIRGdaIy.K2_D1ITZg&ind=2011042620&n=77de133c&psa=&st=kwd&searchfor=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Mail.com - c:\program files\mail.com\mcalert.exe
AddRemove-Cars - Radiator Springs Adventures - c:\documents and settings\Owner\Desktop\Uninstall_Cars - Radiator Springs Adventures\Uninstall Cars - Radiator Springs Adventures.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 18:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'explorer.exe'(632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxducoms.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-13 18:55:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 22:55
.
Pre-Run: 77,455,851,520 bytes free
Post-Run: 80,134,160,384 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 4779C6FA09FCF7C27E6C5924E8CDB671
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tdub68,

After you look at everything and if it looks good how do I stop this from happening again? I have Norton 360 as for viruses. Should I be running something else?


Of course. After we remove some leftovers I'll prepare recommendations for you.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...GdaIy.K2_D1ITZg
    [2011/10/14 03:28:31 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected]
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#9
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again Maliprog,

While running the OTL it came up with another error code as before. I kept clicking continue until it stopped. The OTL log is below.

Thanks so much for all your help.

========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep5c2xvr.default\extensions\[email protected] folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60eaae51-c2d0-11e0-a627-00038a000015}\ not found.
File F:\TLBootstrap_WPP.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.36.3 log created on 03142012_063008
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
&nbsp;&nbsp;
3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#11
Tdub68

Tdub68

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks Maliprog,

I down loaded the updates and I am currently working on getting my external hard drive set up so I can start backing everything up. Thank you so much for your time I really appreciate it. You do amazing work. Take a break and enjoy the coffee. :laughing:

Keep up the good work,

TDub68
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tdub68,

Thank you very much for your donation! I'll take a brake now and drink my fresh coffee :lol: .

Goodbye and stay safe :thumbsup:
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP