IObit Forum

Suspected Malware. Here is my HJT file. Can anyone help?


Equaliser


Posted

Hello all at the IObit malware removal forum,

 

I have just used IObit 360 and used the HJT scan function. It shows some interesting entries. They have concerned me enough for me to post them on this forum to get a more professional opinion.

 

Can somebody help me out and let me know if I am right to be concerned?

 

I have allowed the viewing of hidden files and folders on my PC.

I am using Windows 7 32-bit.

 

Here is my HJT scan log file:

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 21:39:55, on 2010-11-13

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Users\user\Desktop\Malware Removal Tools\Spybot

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_NetworkMon.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Users\user\Desktop\Malware Removal Tools\Spybot.dll

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: ThreatFire (ThreatFire) - Unknown - C:\Program Files\PC Tools Security\TFEngine\TFService.exe service

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown - C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

 

 

Thanks in advance for any help.
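The question the post asks, whether the "Unknown" vendors and odd paths in the O23 list are cause for concern, is worth scripting once rather than eyeballing. What follows is an added example, not code from this thread or from IObit's HijackScan: a small Python triage that parses running-process, O4 and O23 lines and applies two heuristics log helpers use when skimming such lists. The sample lines are a constructed subset copied from the log above; the heuristics themselves (binary in a user-writable location, "Unknown" vendor with a path outside the system roots) are assumptions about what deserves a second look, not a malware verdict. On these lines they single out the Spybot service DLL and folder under C:\Users\user\Desktop\Malware Removal Tools, an unusual place for a service binary but the place the other log entries show Spybot - Search & Destroy was installed to, and they leave Unknown-but-pathless entries such as DcomLaunch and RpcSs alone, since those are svchost-hosted Windows services the scanner simply could not attribute.

```python
"""Triage of HijackThis-style log lines (running processes, O4 autoruns, O23 services).

Added example: not code from the thread or from IObit's HijackScan.
Two heuristics a log helper uses when skimming such a list:

  1. a service, autorun or running binary that lives in a user-writable
     location (profile, AppData, Temp, Recycle Bin) deserves a second look,
     because anything can write there without administrative rights;
  2. an O23 entry whose vendor is "Unknown" *and* whose path lies outside
     %SystemRoot% / Program Files is an unattributed binary.

"Unknown" with no path at all is not flagged: those are svchost-hosted
Windows services the scanner could not attribute (DcomLaunch, RpcSs, ...).
A hit is a prompt to verify, not a verdict.
"""
import re
from typing import Iterable

# Constructed subset of the lines in the log above.
SAMPLE_LOG = r"""
C:\Windows\system32\lsass.exe
C:\Users\user\Desktop\Malware Removal Tools\Spybot
C:\Program Files\IObit\IObit Security 360\is360.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Users\user\Desktop\Malware Removal Tools\Spybot.dll
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: ThreatFire (ThreatFire) - Unknown - C:\Program Files\PC Tools Security\TFEngine\TFService.exe service
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<vendor>.*?) - ?(?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
BINARY_RE = re.compile(r"^(.+?\.(?:exe|dll|sys|scr|com|bat|cmd))(?:\s|$)", re.I)

# Assumed markers of locations a standard user can write to, and of the roots
# where an "Unknown" vendor is unremarkable.
USER_WRITABLE = ("c:\\users\\", "c:\\documents and settings\\", "\\appdata\\", "\\temp\\", "\\$recycle.bin\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def normalize(path: str) -> str:
    """Lower-case and expand the %systemroot%/%windir% forms HJT prints."""
    p = path.strip().lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, "c:\\windows")
    return p


def binary_of(command: str) -> str:
    """Strip arguments such as ' /autoRun' or ' service' from a command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = BINARY_RE.match(cmd)
    return m.group(1) if m else cmd


def user_writable(path: str) -> bool:
    return any(marker in path for marker in USER_WRITABLE)


def triage(lines: Iterable[str]) -> dict:
    """Return flagged entries and the Unknown-but-pathless services seen."""
    findings, unattributed = [], []
    for raw in lines:
        line = raw.strip()
        if m := O23_RE.match(line):
            if not m["path"].strip():
                if m["vendor"] == "Unknown":
                    unattributed.append(m["name"])   # built-in, hosted by svchost
                continue
            path = normalize(binary_of(m["path"]))
            if user_writable(path):
                findings.append(("service in user-writable path", m["name"], path))
            elif m["vendor"] == "Unknown" and not path.startswith(SYSTEM_ROOTS):
                findings.append(("unattributed service binary", m["name"], path))
        elif m := O4_RE.match(line):
            path = normalize(binary_of(m["cmd"]))
            if user_writable(path):
                findings.append(("autorun in user-writable path", m["name"], path))
        elif PROCESS_RE.match(line):
            path = normalize(line)
            if user_writable(path):
                findings.append(("process in user-writable path", path.rsplit("\\", 1)[-1], path))
    return {"findings": findings, "unattributed_builtin": unattributed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for reason, name, path in result["findings"]:
        print(f"{reason:32} {name:16} {path}")
    print("Unknown vendor, no path (not flagged):", ", ".join(result["unattributed_builtin"]))
```

Run it on a full log by passing `open("hijackthis.log").read().splitlines()` to `triage()`. Every hit still has to be checked by hand (publisher, signature, when the file appeared); the script only decides which lines earn that effort.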

Posted

Here are my DDS scan log files:

 

Here is my DDS.txt:

 

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by user at 23:18:24.61 on 15/11/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3067.2194 [GMT 0:00]

 

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Users\user\Desktop\Malware Removal Tools\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\user\AppData\Local\Apps\2.0\BYLK0ZEV.RJW\R9NJZBPD.GW5\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\explorer.exe

C:\Users\user\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

BHO: SpywareGuard Download Protection: {4a368e80-174f-4872-96b5-0b27ddd11db2} - SpywareGuardDLBLOCK.CBrowserHelper

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\users\user\desktop\malware removal tools\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\users\user\desktop\malware removal tools\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

SEH: SpywareGuard: {81559c35-8464-49f7-bb0e-07a383bef910} - SpywareGuard.Handler

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\f1h6cwa1.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-12 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-12 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-12 656320]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-28 58472]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-11-5 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-11-5 666672]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-11-12 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-11-12 68880]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101112.001\IDSvix86.sys [2010-10-19 353840]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-12 249616]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus_19917.sys [2010-10-28 34792]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2010-10-28 62568]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-28 156776]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-5 134704]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1201000.025\symnets.sys [2010-11-5 294448]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-8 176128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-5 102448]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-11-12 70536]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-11-12 33552]

 

=============== Created Last 30 ================

 

2010-11-13 20:49:40 -------- d-----w- c:\progra~2\IObit

2010-11-13 20:46:45 -------- d-----w- c:\users\user\appdata\roaming\IObit

2010-11-13 20:46:45 -------- d-----w- c:\program files\IObit

2010-11-12 23:11:46 -------- d-----w- c:\program files\MSECache

2010-11-12 21:26:03 -------- d-----w- c:\program files\PC Tools Security

2010-11-12 21:22:21 -------- d-----w- c:\users\user\appdata\roaming\Registry Mechanic

2010-11-12 17:30:09 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2010-11-12 17:30:09 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2010-11-12 17:30:09 506368 ----a-w- c:\windows\system32\msxml.dll

2010-11-12 17:30:09 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2010-11-12 17:30:09 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2010-11-12 17:30:09 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2010-11-12 17:04:18 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2010-11-12 17:04:18 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2010-11-12 17:04:18 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2010-11-12 17:00:11 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-11-12 17:00:11 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2010-11-12 17:00:09 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-12 17:00:09 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2010-11-12 17:00:05 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-12 17:00:05 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-12 16:59:57 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-11-12 16:59:57 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-11-12 16:59:57 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-11-12 16:59:56 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-12 16:59:44 -------- d-----w- c:\users\user\appdata\roaming\PC Tools

2010-11-12 16:59:44 -------- d-----w- c:\program files\common files\PC Tools

2010-11-12 16:57:32 -------- d-----w- c:\progra~2\PC Tools

2010-11-12 16:41:25 63536 ----a-w- c:\windows\system32\drivers\SymSMR130.SYS

2010-11-12 16:41:25 0 ----a-w- c:\windows\system32\drivers\SymSMR130.dat

2010-11-12 16:16:05 -------- d-----w- c:\progra~2\RFA_Backups

2010-11-12 16:15:59 -------- d-----w- c:\program files\RFA

2010-11-12 16:15:31 -------- d-----w- c:\users\user\appdata\roaming\Javacool Software

2010-11-12 16:13:57 -------- d-----w- c:\program files\EULAlyzer

2010-11-12 15:53:18 -------- d-----w- c:\program files\SpywareGuard

2010-11-12 15:51:26 -------- d-----w- c:\program files\MRU-Blaster

2010-11-11 17:11:43 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-11-11 17:09:47 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2010-11-11 05:02:49 -------- d-sh--w- C:\$RECYCLE.BIN

2010-11-11 05:02:47 -------- d-----w- c:\users\user\appdata\local\temp

2010-11-11 01:26:53 -------- d-----w- c:\users\user\appdata\local\ElevatedDiagnostics

2010-11-11 01:06:34 -------- d-----w- c:\program files\Cisco

2010-11-10 05:01:18 -------- d-----w- c:\users\user\appdata\roaming\AusLogics

2010-11-10 05:00:31 -------- d-----w- c:\program files\Auslogics

2010-11-09 21:37:10 -------- d-----w- c:\users\user\appdata\local\CrashDumps

2010-11-09 18:45:00 -------- d-----w- c:\program files\DellTPad

2010-11-09 18:44:46 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2010-11-09 18:44:46 108886 ----a-w- c:\windows\system32\Vxdif.dll

2010-11-09 18:44:45 212528 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

2010-11-08 04:00:43 -------- d-----w- c:\users\user\appdata\roaming\VSRevoGroup

2010-11-08 00:40:25 -------- d-----w- c:\users\user\appdata\local\ATI

2010-11-08 00:38:08 -------- d-----w- c:\program files\ATI

2010-11-07 18:25:04 -------- d-----w- c:\program files\Ventrilo

2010-11-07 18:24:34 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2010-11-07 15:19:32 -------- d-----w- c:\users\user\ISO (Various)

2010-11-06 19:30:44 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2010-11-06 19:30:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-06 19:30:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-06 19:30:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-06 19:30:35 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-06 17:53:25 -------- d-----w- c:\windows\pss

2010-11-06 17:43:14 880284 ----a-w- c:\users\user\Universal-USB-Installer-1.8.1.0.exe

2010-11-06 17:15:42 -------- d-----w- c:\users\user\appdata\local\Thunderbird

2010-11-06 17:12:50 -------- d-----w- c:\program files\VS Revo Group

2010-11-06 16:39:04 -------- d-----w- c:\users\user\appdata\roaming\Windows Live Writer

2010-11-06 16:39:04 -------- d-----w- c:\users\user\appdata\local\Windows Live Writer

2010-11-06 16:32:00 3181568 ----a-w- c:\windows\system32\mf.dll

2010-11-06 16:32:00 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-11-06 16:31:57 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-11-06 16:26:05 -------- d-----w- c:\users\user\appdata\local\Windows Live

2010-11-06 16:26:04 -------- d-----w- c:\program files\common files\Windows Live

2010-11-06 14:14:12 -------- d-----w- c:\users\user\appdata\local\Apps

2010-11-06 14:14:11 -------- d-----w- c:\users\user\appdata\local\Deployment

2010-11-06 06:23:06 -------- d-----w- c:\windows\Panther

2010-11-06 03:28:53 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-11-06 03:28:45 -------- d-----w- C:\Intel

2010-11-06 01:11:11 -------- d-----w- c:\users\user\appdata\local\Diagnostics

2010-11-06 00:32:04 -------- dc--a-w- c:\program files\World of Warcraft

2010-11-06 00:32:04 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2010-11-06 00:31:28 -------- d-----w- c:\progra~2\Blizzard Entertainment

2010-11-06 00:25:45 -------- d-----w- c:\users\user\November 2010 backup folder

2010-11-06 00:10:14 -------- d-----w- c:\program files\CCleaner

2010-11-06 00:01:42 -------- d-----w- c:\users\user\appdata\roaming\Tific

2010-11-05 23:50:18 -------- d-----w- c:\users\user\appdata\roaming\Trusteer

2010-11-05 23:50:11 -------- d-----w- c:\program files\Trusteer

2010-11-05 23:49:08 -------- d-----w- c:\progra~2\Trusteer

2010-11-05 23:45:27 -------- d-----w- c:\users\user\appdata\local\NPE

2010-11-05 23:44:15 35888 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-11-05 23:23:34 -------- d-----w- c:\progra~2\Norton

2010-11-05 23:08:39 90112 ----a-w- c:\windows\system32\snymsico.dll

2010-11-05 23:08:39 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2010-11-05 23:08:39 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2010-11-05 23:08:39 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2010-11-05 23:08:39 172032 ----a-w- c:\windows\system32\rixdicon.dll

2010-11-05 23:08:12 -------- d-----w- C:\dell

2010-11-05 23:00:36 -------- d-----w- c:\windows\system32\Wat

2010-11-05 22:58:41 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-05 22:53:05 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-11-05 22:51:02 -------- d-sh--w- c:\windows\Installer

2010-11-05 22:50:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-05 22:50:16 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-05 22:50:16 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-05 22:50:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-05 22:50:16 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-05 22:49:59 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-11-05 22:49:59 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-11-05 22:49:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-11-05 22:49:48 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-11-05 22:47:58 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-11-05 22:45:39 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-05 22:45:39 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-11-05 22:45:39 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-11-05 22:42:25 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-05 22:36:03 -------- d-----w- c:\windows\system32\wbem\Performance

2010-11-05 22:27:31 0 ----a-w- c:\windows\ativpsrm.bin

2010-10-28 00:23:26 58472 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

 

==================== Find3M ====================

 

2010-10-19 11:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

 

============= FINISH: 23:20:01.68 ===============

Posted

Here is my Attach.txt:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 05/11/2010 22:35:08

System Uptime: 15/11/2010 19:40:46 (4 hours ago)

 

Motherboard: Dell Inc. | | 0P786H

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 218 GiB total, 165.339 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP20: 10/11/2010 02:48:18 - Windows Update

RP22: 12/11/2010 16:16:23 - Registry First Aid backup

RP24: 12/11/2010 17:12:47 - Revo Uninstaller's restore point - SpywareGuard v2.2

RP24: 12/11/2010 21:22:39 - Revo Uninstaller's restore point - Registry Mechanic 10.0

RP26: 12/11/2010 21:42:04 - Revo Uninstaller's restore point - Browser Defender 3.0

RP27: 13/11/2010 03:23:27 - Installed Microsoft Office Word Viewer 2003

RP29: 13/11/2010 20:35:19 - Registry First Aid backup

RP31: 13/11/2010 20:37:02 - Registry First Aid backup

RP33: 13/11/2010 20:47:25 - Advanced SystemCare RestorePoint

 

==== Installed Programs ======================

 

Adobe Flash Player 10 Plugin

Advanced SystemCare 3

Auslogics BoostSpeed Special Edition

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Curse Client

Dell Touchpad

Dell Wireless WLAN Card Utility

EULAlyzer 2.0

IObit Security 360

Malwarebytes' Anti-Malware

Microsoft .NET Framework 4 Client Profile

Microsoft Office Word Viewer 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.6.12)

Mozilla Thunderbird (3.1.6)

MRU-Blaster v1.5 (Database 3/28/2004)

Norton Internet Security

Rapport

Registry First Aid

Revo Uninstaller 1.90

RICOH Media Driver ver.2.07.01.04

Spybot - Search & Destroy

Spyware Doctor 8.0

SpywareBlaster 4.4

Ventrilo Client

World of Warcraft

 

==== Event Viewer Messages From Past Week ========

 

14/11/2010 02:07:35, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

13/11/2010 20:54:14, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

13/11/2010 20:54:14, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147217025.

13/11/2010 20:53:40, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

13/11/2010 20:53:40, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

12/11/2010 23:24:41, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/11/2010 23:24:39, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/11/2010 23:11:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/11/2010 22:54:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/11/2010 22:54:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/11/2010 22:54:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/11/2010 22:54:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/11/2010 22:53:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SymNetS TfFsMon TfSysMon Wanarpv6

12/11/2010 21:28:59, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/11/2010 17:45:54, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

12/11/2010 17:44:39, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

11/11/2010 05:00:59, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/11/2010 04:56:18, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

 

==== End Of File ===========================
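The DDS.txt and Attach.txt logs above are meant to be read together: the SERVICES / DRIVERS section says what is registered, "Created Last 30" says when each file appeared and with which attributes, and the Service Control Manager 7026 event in Attach.txt says which boot-start drivers failed to load. The following is an added example, not part of the thread or of the DDS tool, that cross-references those three sections for a constructed subset of the lines above. A boot-start driver that fails to load is an availability problem and not by itself a sign of infection; the value of the join is seeing which drivers were created at the same minute, which carry the system (s) or hidden (h) attribute, and which names in the 7026 event are not in the driver list at all and therefore need looking up separately. Reading the attribute letters as DDS prints them (d = directory, s = system, h = hidden) is an assumption.

```python
"""Cross-reference DDS 'SERVICES / DRIVERS', 'Created Last 30' and Event Viewer lines.

Added example, not part of the thread or of DDS. For each listed driver it
reports the file's creation time and attributes (if it appears in
'Created Last 30') and whether a Service Control Manager 7026 event lists
it as a boot-start / system-start driver that failed to load. Attribute
letters are read as d = directory, s = system, h = hidden (an assumption).
"""
import re

# Constructed subsets of the DDS.txt and Attach.txt lines above.
DRIVERS = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-12 237632]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-11-12 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-11-12 68880]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-5 134704]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1201000.025\symnets.sys [2010-11-5 294448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-11-12 33552]
"""
CREATED = r"""
2010-11-12 17:04:18 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-12 17:04:18 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-12 17:04:18 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-12 17:00:05 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-11 05:02:49 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-05 22:58:41 257024 ----a-w- c:\windows\system32\msv1_0.dll
"""
EVENTS = """
12/11/2010 22:53:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SymNetS TfFsMon TfSysMon Wanarpv6
12/11/2010 21:28:59, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
"""

DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+) \[(?P<date>\S+) (?P<size>\d+)\]$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$")
FAILED_RE = re.compile(r"\[7026\] - .*?failed to load: (?P<names>.+)$")


def parse_created(text):
    """Map lower-cased path -> (timestamp, attrs) from 'Created Last 30'."""
    out = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out[m["path"].lower()] = (m["ts"], m["attrs"])
    return out


def parse_failed_drivers(text):
    """Collect driver names from every SCM 7026 event."""
    names = set()
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            names.update(m["names"].split())
    return names


def correlate(drivers_text, created_text, events_text):
    """One row per listed driver, plus the 7026 names that are not in the list."""
    created = parse_created(created_text)
    failed = parse_failed_drivers(events_text)
    rows = []
    for line in drivers_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        ts, attrs = created.get(m["path"].lower(), (None, None))
        flags = []
        if attrs and "s" in attrs:
            flags.append("system attribute")
        if attrs and "h" in attrs:
            flags.append("hidden attribute")
        rows.append({
            "name": m["name"], "start": m["start"], "path": m["path"],
            "created": ts, "attrs": attrs,
            "failed_to_load": m["name"] in failed, "flags": flags,
        })
    unlisted = sorted(failed - {r["name"] for r in rows})
    return rows, unlisted


if __name__ == "__main__":
    rows, unlisted = correlate(DRIVERS, CREATED, EVENTS)
    for r in rows:
        mark = "FAILED" if r["failed_to_load"] else "ok"
        print(f"{r['start']} {r['name']:10} {mark:6} created={r['created']} {r['attrs']} {', '.join(r['flags'])}")
    print("in 7026 event but not in driver list:", " ".join(unlisted))
```

On the subset above the three ThreatFire drivers share one creation second and the system attribute, two of them are in the failed-to-load event, and the Symantec drivers fail without appearing in "Created Last 30" at all (their files predate the window or live under the nis\ subfolder listed separately). The names left over are not in the sample driver list; on a real log each of them is looked up before drawing any conclusion.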

Posted

Here is my IObit 360 full scan log file:

 

IObit Security 360

 

OS:Windows 7

Version:1.5.0.13

Define Version:1934

Time Elapsed:00:22:25

Objects Scanned:110886

Threats Found:1

 

|Name|Type|Description|ID|

Misleading.Antivirus, Registry Key, HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}, 4-31290

 

 

I have also used TFC to clean my system before any scans were executed.

 

I look forward to any assistance.
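The one detection in the scan above names only a registry key, HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}, and a label, Misleading.Antivirus. That says nothing about which binary the CLSID is registered to, so the check a practitioner wants before removing it is to resolve the key: read its InprocServer32 or LocalServer32 default value and ProgID, and see whether that file still exists. An orphaned key left behind by an uninstalled product and a live loader for a rogue DLL look identical in a one-line scan report. The following is an added example, not part of the thread or of IObit Security 360. On the affected Windows machine `inspect_clsid()` reads the live registry through `winreg`; the parser handles the text that `reg query "HKCR\CLSID\{...}" /s` prints, which is what gets pasted into threads like this one. The sample output is constructed and its DLL path is a placeholder, not a real finding about this CLSID.

```python
"""Resolve a CLSID flagged by a scanner to the COM server it points at.

Added example, not part of the thread or of IObit Security 360. Reads the
InprocServer32 / LocalServer32 / ProgID values under a CLSID, either from
the live registry (Windows, winreg) or from pasted `reg query /s` output,
and reports whether the registered file still exists on this machine.
"""
import os
import re

FLAGGED_CLSID = "{5E2121EE-0300-11D4-8D3B-444553540000}"   # from the scan log above

# Constructed sample in the format `reg query ... /s` prints; the server path
# is a hypothetical placeholder, not a real value for this CLSID.
SAMPLE_REG_QUERY = r"""
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    (Default)    REG_SZ    Example Shell Extension

HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
    (Default)    REG_SZ    C:\Example\hypothetical_extension.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID
    (Default)    REG_SZ    Example.Extension.1
"""

VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S.*?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")


def parse_reg_query(text):
    """Return {subkey_path: {value_name: data}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):            # key lines are unindented
            current = line.strip()
            keys[current] = {}
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m["name"]] = m["data"]
    return keys


def resolve_server(keys, clsid):
    """Pick out the COM server path and ProgID registered under one CLSID."""
    base = next((k for k in keys if k.lower().endswith("\\clsid\\" + clsid.lower())), None)
    if base is None:
        return None
    info = {"clsid": clsid, "name": keys[base].get("(Default)"),
            "server": None, "kind": None, "progid": None}
    for kind in ("InprocServer32", "LocalServer32"):
        values = keys.get(f"{base}\\{kind}")
        if values and values.get("(Default)"):
            info["server"], info["kind"] = values["(Default)"].strip('"'), kind
            break
    info["progid"] = keys.get(f"{base}\\ProgID", {}).get("(Default)")
    # Only meaningful on the machine the key came from; elsewhere it is just False.
    info["server_exists"] = bool(info["server"]) and os.path.exists(os.path.expandvars(info["server"]))
    return info


def inspect_clsid(clsid=FLAGGED_CLSID):
    """Windows only: dump the live key through winreg and resolve it."""
    import winreg  # absent on other platforms

    keys = {}

    def dump(handle, path):
        values, i = {}, 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(handle, i)
            except OSError:
                break
            values[name or "(Default)"] = str(data)
            i += 1
        keys[path] = values
        j = 0
        while True:
            try:
                sub = winreg.EnumKey(handle, j)
            except OSError:
                break
            with winreg.OpenKey(handle, sub) as child:
                dump(child, path + "\\" + sub)
            j += 1

    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid) as handle:
        dump(handle, "HKEY_CLASSES_ROOT\\CLSID\\" + clsid)
    return resolve_server(keys, clsid)


if __name__ == "__main__":
    print(resolve_server(parse_reg_query(SAMPLE_REG_QUERY), FLAGGED_CLSID))
```

If `server_exists` is False the key is orphaned: removing it loses nothing that runs, and leaving a CLSID pointing at a missing DLL is not harmless either, since such keys are a known target for COM hijacking. If it is True, check the file's publisher, signature and hash before deciding; a LocalServer32 value may carry command-line arguments after the executable path, which this example does not strip.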

Posted

Hello and welcome to IObit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists on this forum, so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Registry First Aid

 

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

***************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

*************************************

 

Please download Malwarebytes Anti-Malware from here.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Posted

Hello, here are the various logs I was asked to supply:

 

Here is my SUPERAntiSpyware full scan log file:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/18/2010 at 02:38 AM

 

Application Version : 4.45.1000

 

Core Rules Database Version : 5879

Trace Rules Database Version: 3691

 

Scan type : Complete Scan

Total Scan Time : 00:47:28

 

Memory items scanned : 667

Memory threats detected : 0

Registry items scanned : 6934

Registry threats detected : 1

File items scanned : 63399

File threats detected : 0

 

System.BrokenFileAssociation

HKCR\.exe
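SUPERAntiSpyware's System.BrokenFileAssociation hit on HKCR\.exe means the registry entries that decide how an .exe is launched do not match what the scanner expects. The script below is an added example for this thread, not code from the forum or from any of the scanners mentioned here; it checks a Regedit export of the relevant keys against the Windows 7 defaults (HKCR\.exe = exefile, HKCR\exefile\shell\open\command = "%1" %*) and also reports a per-user override under HKCU\Software\Classes, which takes precedence in the merged HKCR view and is where a hijack can sit while the machine-wide keys still look stock. Both sample exports are constructed; the loader.exe path in the hijacked one is hypothetical.

```python
"""Verify the .exe file association from a Regedit export.

Added example for this thread, not code from the forum or from any of the
scanners mentioned; it only knows the stock Windows 7 values for the two keys
that decide how an .exe is launched.
"""
import re

# Stock values: the .exe extension maps to the exefile class, and exefile's
# open command runs the file itself with its arguments.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}
# HKCR is a merged view; per-user classes under HKCU win over HKLM, so a
# hijack can live here while the machine-wide keys still look stock.
USER_OVERRIDES = (
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command",
)

# name="data" or @="data"; data may contain \" and \\ escapes.
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping: a backslash quotes the character after it."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into
    {key: {value_name: data}}. Only REG_SZ values are kept, which is all
    the association keys use; dword/hex values are ignored."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(2))
            keys[current][name] = _unescape(m.group(3))
    return keys


def check_exe_association(reg_text):
    """Return a list of findings; an empty list means the association is stock."""
    keys = parse_reg(reg_text)
    findings = []
    for key, expected in EXPECTED.items():
        values = keys.get(key)
        if values is None:
            findings.append(f"missing key {key}")
            continue
        for name, want in expected.items():
            got = values.get(name)
            if got != want:
                findings.append(f"{key} {name}: expected {want!r}, got {got!r}")
    for key in USER_OVERRIDES:
        if key in keys:
            findings.append(f"per-user override present: {key} = {keys[key].get('@')!r}")
    return findings


# Constructed sample exports (not from the thread). The hijacked one points
# the open command at a hypothetical loader and adds a per-user override.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\User\\AppData\\Local\\loader.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"""

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        print(label, check_exe_association(export) or "stock")
```

On the affected machine, `reg export HKCR\.exe exe.reg` and `reg export HKCR\exefile exefile.reg` (plus the two HKCU\Software\Classes keys, if they exist) produce the input; reg writes UTF-16, so read the files with encoding="utf-16" before concatenating them and passing the text to check_exe_association.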

Posted

Here is my Malwarebytes full scan log file:

 

 

Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Database version: 5142

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

18/11/2010 02:49:41

mbam-log-2010-11-18 (02-49-41).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 191745

Time elapsed: 1 hour(s), 0 minute(s), 31 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

Whilst I was scanning my system with Malwarebytes and SUPERAntiSpyware, and right after I finished the Security Check scan, my Windows 7 PC unexpectedly shut itself down. I did not make it close down; it did this itself.

 

I had to perform all three scans (SUPERAntiSpyware, Malwarebytes and Security Check) again. When I restarted Windows 7 I was met with an error message stating that Windows has recovered from an unexpected shutdown.

 

It gave me no real explanation why it did this. I am positive, and also very concerned, that there is some hidden malware on my system that normal AV and anti-spyware scans cannot find.

 

I was also told by a friend that Avanquest, makers of Registry First Aid, were giving away a free 1-year licence of Registry First Aid. I took advantage of this promotion, got a 1-year free licence, and downloaded and installed Registry First Aid from the Avanquest web site.

 

Is Registry First Aid a safe product to have on my system?

 

Can you please help me to fix this?

 

Thanks

Posted

Here is the Security Check checkup.txt log file:

 

Results of screen317's Security Check version 0.99.6

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Adobe Flash Player 10.1.102.64

Adobe Reader X

Mozilla Firefox (3.6.12)

Mozilla Thunderbird (3.1.6)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Spybot Teatimer.exe is disabled!

user Desktop Malware Removal Tools Spybot - Search & Destroy\SDWinSec.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

Posted
Is Registry First Aid a safe product to have on my system?

 

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

 

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

*****************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.

Double-click on commy.exe to run ComboFix.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

Posted

Hello Dave

 

Here is my ComboFix (commy) scan log file:

 

ComboFix 10-11-18.05 - User 19/11/2010 18:59:10.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3067.2239 [GMT 0:00]

Running from: c:\users\User\Desktop\commy.exe

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\oem18.inf

 

.

((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))

.

 

2010-11-19 19:02 . 2010-11-19 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-19 18:57 . 2010-11-19 18:58 -------- d-----w- C:\32788R22FWJFW

2010-11-19 15:53 . 2010-11-19 15:53 -------- d-----w- c:\program files\Broadcom

2010-11-19 15:23 . 2009-05-12 14:25 511488 ----a-w- c:\windows\system32\ctapo32.dll

2010-11-19 15:23 . 2009-06-29 12:44 536576 ----a-w- c:\windows\system32\idtmini1.exe

2010-11-19 15:23 . 2009-06-29 12:44 3600384 ----a-w- c:\windows\system32\stlang.dll

2010-11-19 15:23 . 2009-06-29 12:44 12021852 ----a-w- c:\windows\system32\idtcpl.cpl

2010-11-19 15:23 . 2009-05-12 14:26 47104 ----a-w- c:\windows\system32\ctppld.dll

2010-11-19 15:23 . 2009-03-02 12:57 142848 ----a-w- c:\windows\system32\aestacap.dll

2010-11-19 15:23 . 2009-03-02 12:57 61440 ----a-w- c:\windows\system32\aestaren.dll

2010-11-19 15:23 . 2009-03-02 12:47 86016 ----a-w- c:\windows\system32\AESTCom.dll

2010-11-19 15:23 . 2009-03-02 12:08 368640 ----a-w- c:\windows\system32\aestecap.dll

2010-11-19 15:22 . 2010-11-19 15:22 -------- d-----w- c:\windows\system32\SRSLabs

2010-11-19 15:21 . 2009-06-29 12:44 408576 ----a-w- c:\windows\system32\drivers\stwrt.sys

2010-11-19 15:21 . 2010-11-19 15:23 -------- d-----w- c:\program files\IDT

2010-11-19 15:21 . 2009-06-29 12:44 914944 ----a-w- c:\windows\system32\stapo.dll

2010-11-19 15:21 . 2009-06-29 12:44 485888 ------w- c:\windows\system32\stapi32.dll

2010-11-19 15:21 . 2009-06-29 12:44 405504 ----a-w- c:\windows\system32\stcplx.dll

2010-11-19 15:21 . 2009-06-29 12:44 175616 ----a-w- c:\windows\system32\st326217.dll

2010-11-19 15:18 . 2008-11-12 21:23 84008 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2010-11-19 15:18 . 2008-11-12 21:23 109096 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2010-11-19 15:18 . 2008-11-12 21:23 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2010-11-19 15:18 . 2008-07-25 15:41 29736 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2010-11-19 15:18 . 2008-11-17 19:04 225280 ----a-w- c:\windows\system32\BtwRSupport.dll

2010-11-19 15:18 . 2010-11-19 15:18 -------- d-----w- c:\windows\system32\es-MX

2010-11-19 15:18 . 2010-11-19 15:18 -------- d-----w- c:\windows\system32\es-AR

2010-11-19 15:18 . 2010-11-19 15:18 -------- d-----w- c:\program files\WIDCOMM

2010-11-19 15:15 . 2010-11-19 15:15 -------- d-----w- c:\programdata\Dell

2010-11-19 15:03 . 2010-11-19 15:03 -------- d-----w- c:\program files\Common Files\InstallShield

2010-11-19 15:03 . 2009-03-09 01:06 280096 ----a-w- c:\windows\system32\drivers\OA001Vid.sys

2010-11-19 15:03 . 2009-03-06 15:30 133632 ----a-w- c:\windows\system32\drivers\OA001Ufd.sys

2010-11-19 15:03 . 2009-02-25 01:00 24576 ----a-w- c:\windows\OA001Mon.exe

2010-11-19 15:03 . 2009-02-19 01:02 53248 ----a-w- c:\windows\system32\OA001Pin.dll

2010-11-19 15:03 . 2008-09-24 01:01 32768 ----a-w- c:\windows\OA001Cfg.exe

2010-11-19 15:03 . 2008-08-21 01:01 24576 ----a-w- c:\windows\system32\OA001Srv.exe

2010-11-19 15:03 . 2008-08-01 17:18 94208 ----a-w- c:\windows\CtDrvIns.exe

2010-11-19 15:03 . 2007-12-21 01:00 31256 ----a-w- c:\windows\system32\OA001Pin.crl

2010-11-19 15:03 . 2007-06-08 01:00 148056 ----a-w- c:\windows\system32\drivers\OA001Afx.sys

2010-11-19 14:46 . 2010-11-19 14:46 -------- d-----w- c:\program files\Cisco

2010-11-18 23:41 . 2010-11-18 23:41 -------- d-----w- c:\program files\Common Files\Adobe

2010-11-18 23:22 . 2010-10-28 12:23 2217088 ----a-w- c:\windows\system32\BootMan.exe

2010-11-18 23:22 . 2010-07-15 08:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2010-11-18 23:22 . 2010-07-15 08:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys

2010-11-18 23:22 . 2010-07-15 08:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys

2010-11-18 23:22 . 2010-07-15 08:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll

2010-11-18 23:22 . 2010-11-18 23:22 -------- d-----w- c:\program files\EASEUS

2010-11-18 23:16 . 2010-11-18 23:17 7644 ----a-w- c:\windows\system32\cleartmp.cmd

2010-11-18 22:24 . 2010-11-19 12:54 -------- d-----w- c:\windows\LDC Driving Test Complete

2010-11-18 22:24 . 2010-11-18 23:32 -------- d-----w- c:\program files\LDC Driving Test Complete

2010-11-18 19:07 . 2010-08-26 12:39 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2010-11-18 19:07 . 2010-08-26 12:39 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2010-11-18 19:07 . 2010-08-26 12:39 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2010-11-18 19:06 . 2010-09-24 12:19 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-11-18 19:06 . 2010-09-24 12:19 743376 ----a-w- c:\windows\PCTBDRes.dll

2010-11-18 19:06 . 2010-09-24 12:19 1914832 ----a-w- c:\windows\PCTBDCore.dll

2010-11-18 19:06 . 2010-09-24 12:19 767952 ----a-w- c:\windows\BDTSupport.dll

2010-11-18 17:26 . 2010-07-16 14:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-11-18 17:26 . 2010-07-16 14:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2010-11-18 17:26 . 2010-10-05 11:10 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-18 17:26 . 2010-08-28 12:28 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2010-11-18 17:26 . 2010-09-30 08:58 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-18 17:26 . 2010-08-18 13:51 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-18 17:26 . 2010-10-05 11:11 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-11-18 17:26 . 2010-09-03 12:28 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-11-18 17:26 . 2010-08-10 17:58 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-11-18 17:26 . 2010-08-27 09:26 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-18 17:25 . 2010-11-19 00:10 -------- d-----w- c:\program files\PC Tools Security

2010-11-18 05:05 . 2010-11-18 09:41 -------- d-----w- c:\program files\SpywareBlaster

2010-11-18 05:05 . 2010-01-10 19:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2010-11-18 04:38 . 2010-11-18 04:38 -------- d-----w- c:\program files\Axantum

2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-17 03:02 . 2010-11-17 16:19 -------- d-----w- c:\programdata\IObit

2010-11-17 02:38 . 2010-11-17 02:38 -------- d-----w- c:\program files\Microsoft.NET

2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\program files\Secunia

2010-11-15 23:45 . 2010-11-19 18:58 -------- d-----w- C:\ComboFix

2010-11-13 20:46 . 2010-11-18 22:59 -------- d-----w- c:\program files\IObit

2010-11-12 23:11 . 2010-11-12 23:11 -------- d-----w- c:\program files\MSECache

2010-11-12 17:30 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2010-11-12 17:30 . 2008-09-17 21:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2010-11-12 17:30 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2010-11-12 17:30 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2010-11-12 17:30 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2010-11-12 17:30 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll

2010-11-12 16:59 . 2010-11-18 19:07 -------- d-----w- c:\program files\Common Files\PC Tools

2010-11-12 16:57 . 2010-11-18 19:07 -------- d-----w- c:\programdata\PC Tools

2010-11-12 15:53 . 2010-11-12 17:16 -------- d-----w- c:\program files\SpywareGuard

2010-11-11 17:11 . 2010-01-10 19:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-11-11 17:09 . 2010-11-18 05:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-11-10 05:00 . 2010-11-10 05:00 -------- d-----w- c:\program files\Auslogics

2010-11-09 18:44 . 2009-08-31 11:05 108886 ----a-w- c:\windows\system32\Vxdif.dll

2010-11-09 18:44 . 2006-11-02 08:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2010-11-09 18:44 . 2009-07-29 13:46 212528 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

2010-11-08 00:40 . 2010-11-08 00:40 -------- d-----w- c:\programdata\ATI

2010-11-08 00:38 . 2010-11-08 00:38 -------- d-----w- c:\program files\ATI

2010-11-07 18:25 . 2010-11-17 02:46 -------- d-----w- c:\program files\Ventrilo

2010-11-07 18:24 . 2010-11-07 18:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-11-06 19:30 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-06 19:30 . 2010-11-17 02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-06 19:30 . 2010-11-06 19:30 -------- d-----w- c:\programdata\Malwarebytes

2010-11-06 19:30 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-06 17:15 . 2010-11-17 02:46 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-11-06 17:12 . 2010-11-17 02:43 -------- d-----w- c:\program files\VS Revo Group

2010-11-06 16:32 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-11-06 16:32 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2010-11-06 16:31 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-11-06 16:26 . 2010-11-06 16:26 -------- d-----w- c:\program files\Common Files\Windows Live

2010-11-06 06:23 . 2010-11-05 22:35 -------- d-----w- c:\windows\Panther

2010-11-06 03:28 . 2010-11-06 03:28 -------- d-----w- c:\program files\Intel

2010-11-06 03:28 . 2008-02-22 13:06 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-11-06 03:28 . 2010-11-06 03:28 -------- d-----w- C:\Intel

2010-11-06 02:44 . 2010-11-06 02:44 -------- d-----w- c:\windows\system32\Macromed

2010-11-06 00:32 . 2010-11-19 16:19 -------- dc--a-w- c:\program files\World of Warcraft

2010-11-06 00:32 . 2010-11-06 00:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-11-06 00:31 . 2010-11-06 10:08 -------- d-----w- c:\programdata\Blizzard Entertainment

2010-11-06 00:10 . 2010-11-17 02:46 -------- d-----w- c:\program files\CCleaner

2010-11-05 23:50 . 2010-11-05 23:50 -------- d-----w- c:\program files\Trusteer

2010-11-05 23:49 . 2010-11-05 23:49 -------- d-----w- c:\programdata\Trusteer

2010-11-05 23:44 . 2010-07-22 01:27 35888 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-11-05 23:25 . 2010-11-05 23:31 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-11-05 23:25 . 2010-11-05 23:25 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\program files\Symantec

2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\windows\system32\drivers\NIS

2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\program files\Norton Internet Security

2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\program files\NortonInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 17:11 . 2010-11-18 19:06 2052 ----a-w- c:\windows\UDB.zip

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 780840]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

backup=c:\windows\pss\CurseClientStartup.ccip.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-11-10 12:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2009-06-19 14:57 249856 ----a-w- c:\program files\DellTPad\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-11-17 07:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2009-06-29 12:44 458844 ----a-w- c:\program files\IDT\WDM\sttray.exe

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1343400]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-28 58472]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101111.001\IDSvix86.sys [2010-10-19 353840]

S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-10-28 34792]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2010-10-28 62568]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-28 156776]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS [2010-07-13 294448]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 176128]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-28 763112]

S2 SBSDWSCService;SBSD Security Center Service;c:\users\User\Desktop\Malware Removal Tools\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-17 102448]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-09 280096]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-11-17 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-17 18:08]

.

.

------- Supplementary Scan -------

.

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f1h6cwa1.default\

FF - prefs.js: keyword.URL - hxxp://uk.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=GB&ver=UN&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2433850054-3243049886-925488322-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-2433850054-3243049886-925488322-1000)

@Denied: (2) (LocalSystem)

"Progid"="ThunderbirdEML"

 

[HKEY_USERS\S-1-5-21-2433850054-3243049886-925488322-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-11-19 19:04:21

ComboFix-quarantined-files.txt 2010-11-19 19:04

ComboFix2.txt 2010-11-15 23:55

ComboFix3.txt 2010-11-11 05:02

 

Pre-Run: 174,394,208,256 bytes free

Post-Run: 174,189,940,736 bytes free

 

- - End Of File - - AA0632EC11102587EF47C17AFCFBB0EE
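The Reg Loading Points section of the ComboFix log lists every service and driver with its image path. One entry that stands out here is SBSDWSCService, which runs from a folder on the user's Desktop rather than from Program Files; in this thread that is the poster's own portable Spybot installation, so the point is that the location, not the tool, is what a triage flags. The script below is an added example for this thread, not ComboFix's code: it parses those lines and ranks each image by where it lives, treating a user profile as the worst case (any process running as that user can replace the binary) and ProgramData, which is where Norton's and Trusteer's definition drivers legitimately sit in this log, as something to confirm rather than act on. The sample lines are copied from the posted log.

```python
"""Triage the service and driver lines of a ComboFix 'Reg Loading Points'
section by where each image lives on disk.

Added example for this thread; it is not ComboFix's code and only applies a
rule of thumb: binaries that Windows loads as services should sit under
Windows or Program Files, where a standard user cannot replace them.
"""
import re

# One line per service: R (running) or S (stopped), the start type digit
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then
# name;display name;image path [file date size].
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_services(text):
    """Return a dict per parsed service line; other lines of the log are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["start"] = int(d["start"])
            d["size"] = int(d["size"])
            entries.append(d)
    return entries


def classify(entry):
    """'ok' for trusted locations, 'high' for a user profile, 'review' otherwise."""
    path = entry["path"].lower()
    if path.startswith(USER_ROOTS):
        return "high"
    if path.startswith(TRUSTED_ROOTS):
        return "ok"
    # ProgramData and similar: normal for AV definition drivers, but the
    # directory is writable by users, so confirm the vendor and signature.
    return "review"


def triage(text):
    """[(severity, name, start type, path)] for every entry that is not 'ok',
    worst first; entries of equal severity keep the log's order."""
    order = {"high": 0, "review": 1}
    hits = []
    for e in parse_services(text):
        sev = classify(e)
        if sev != "ok":
            start = START_TYPES.get(e["start"], str(e["start"]))
            hits.append((sev, e["name"], start, e["path"]))
    hits.sort(key=lambda h: order[h[0]])
    return hits


# Lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-10-28 34792]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 81920]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
S2 SBSDWSCService;SBSD Security Center Service;c:\users\User\Desktop\Malware Removal Tools\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
"""

if __name__ == "__main__":
    for sev, name, start, path in triage(SAMPLE):
        print(f"{sev:6} {start:7} {name}: {path}")
```

Feeding the whole ComboFix.txt to triage works as-is, since the regex only matches the service lines; a 'review' hit on a boot or system-start driver (start type 0 or 1) deserves the closest look, because such a driver runs in the kernel before any scanner does.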

Posted

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

    [*]At the bottom of the page

    • Hidden Objects Only << Selected

    [*]Click on the Create Log button on the bottom right.

    [*]After a few seconds a new window should appear.

    [*]Select Scan Root Drive. Click on the Start button.

    [*]When it is complete a new window will appear to indicate that the scan is finished.

    [*]The log will be saved automatically in the same folder Sysprot.exe was

    extracted to. Open the text file and copy/paste the log here.

Posted

Hello

I had 1 error when using SysProt.exe !!

The error was

Error Scanning SSDT hooks.

I clicked OK on the error message box, then clicked Start to run the scan.

Here is the SysProt scan log file:

 

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\user\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A132D000
Module End: A1338000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 81FE1000
Module End: 81FEC000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys
Service Name: ---
Module Base: 81FEC000
Module End: 81FF6000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 81E00000
Module End: 81E11000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************

Ports:


******************************************************************************************

******************************************************************************************

Hidden files/folders:


Posted

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Posted

I cannot copy and paste the TDSSKiller scan results.

It did NOT find anything anyway.

2010/11/23 02:33:50.0398 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/23 02:33:50.0398 ================================================================================
2010/11/23 02:33:50.0398 SystemInfo:
2010/11/23 02:33:50.0398
2010/11/23 02:33:50.0398 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/23 02:33:50.0398 Product type: Workstation
2010/11/23 02:33:50.0398 ComputerName: user-PC
2010/11/23 02:33:50.0398 UserName: user
2010/11/23 02:33:50.0398 Windows directory: C:\Windows
2010/11/23 02:33:50.0398 System windows directory: C:\Windows
2010/11/23 02:33:50.0398 Processor architecture: Intel x86
2010/11/23 02:33:50.0398 Number of processors: 2
2010/11/23 02:33:50.0398 Page size: 0x1000
2010/11/23 02:33:50.0398 Boot type: Normal boot
2010/11/23 02:33:50.0398 ================================================================================
2010/11/23 02:33:51.0958 Initialize success
2010/11/23 02:34:00.0491 ================================================================================
2010/11/23 02:34:00.0491 Scan started
2010/11/23 02:34:00.0491 Mode: Manual;
2010/11/23 02:34:00.0491 ================================================================================


Posted


2010/11/23 02:34:40.0786 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys

2010/11/23 02:34:40.0911 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys

2010/11/23 02:34:40.0989 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys

2010/11/23 02:34:41.0067 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/23 02:34:41.0207 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/11/23 02:34:41.0239 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/11/23 02:34:41.0379 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/11/23 02:34:41.0457 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/11/23 02:34:41.0597 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys

2010/11/23 02:34:41.0675 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/11/23 02:34:41.0800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/11/23 02:34:41.0863 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/11/23 02:34:41.0941 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/11/23 02:34:42.0128 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/11/23 02:34:42.0175 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/11/23 02:34:42.0284 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/11/23 02:34:42.0346 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/11/23 02:34:42.0549 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/11/23 02:34:42.0627 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/11/23 02:34:42.0689 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/11/23 02:34:42.0799 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/11/23 02:34:43.0001 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/11/23 02:34:43.0142 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS

2010/11/23 02:34:43.0345 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS

2010/11/23 02:34:43.0516 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/11/23 02:34:43.0688 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/23 02:34:43.0750 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/23 02:34:43.0891 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/11/23 02:34:44.0125 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/23 02:34:44.0265 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS

2010/11/23 02:34:44.0468 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS

2010/11/23 02:34:44.0593 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS

2010/11/23 02:34:44.0671 SymIM (0f67b57928e1a112e15ee5a463df83d0) C:\Windows\system32\DRIVERS\SymIMv.sys

2010/11/23 02:34:44.0827 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS

2010/11/23 02:34:45.0014 SymNetS (9531b03525eb2a3eacb75caa5e9a18d9) C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS

2010/11/23 02:34:45.0217 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/11/23 02:34:45.0404 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/23 02:34:45.0560 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/23 02:34:45.0622 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/11/23 02:34:45.0731 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/11/23 02:34:45.0794 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/23 02:34:45.0825 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/23 02:34:45.0934 TfFsMon (f8f242be50c36628372f361d24541521) C:\Windows\system32\drivers\TfFsMon.sys

2010/11/23 02:34:46.0075 TfNetMon (17747052db3cf94712b599c3c0cdd6fb) C:\Windows\system32\drivers\TfNetMon.sys

2010/11/23 02:34:46.0153 TfSysMon (a5899ef04f22ffdd4872214d8607cdaa) C:\Windows\system32\drivers\TfSysMon.sys

2010/11/23 02:34:46.0309 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/23 02:34:46.0418 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/23 02:34:46.0543 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/11/23 02:34:46.0636 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/23 02:34:46.0777 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/11/23 02:34:46.0839 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/23 02:34:46.0979 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/11/23 02:34:47.0026 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/11/23 02:34:47.0089 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/11/23 02:34:47.0229 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/23 02:34:47.0276 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/23 02:34:47.0338 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/11/23 02:34:47.0463 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/23 02:34:47.0525 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/23 02:34:47.0884 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/23 02:34:48.0087 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2010/11/23 02:34:48.0227 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/11/23 02:34:48.0305 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/23 02:34:48.0446 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/11/23 02:34:48.0524 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/11/23 02:34:48.0664 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/11/23 02:34:48.0695 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/11/23 02:34:48.0742 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/11/23 02:34:48.0851 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/11/23 02:34:48.0976 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/11/23 02:34:49.0085 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/11/23 02:34:49.0210 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/11/23 02:34:49.0319 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/11/23 02:34:49.0413 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/11/23 02:34:49.0507 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/11/23 02:34:49.0585 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 02:34:49.0600 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 02:34:49.0772 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/11/23 02:34:49.0865 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/23 02:34:50.0006 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/11/23 02:34:50.0084 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/11/23 02:34:50.0271 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/23 02:34:50.0365 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/23 02:34:50.0536 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/11/23 02:34:50.0645 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/23 02:34:50.0739 ================================================================================

2010/11/23 02:34:50.0739 Scan finished

2010/11/23 02:34:50.0739 ================================================================================
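
The driver inventory above lists every kernel-mode service with the MD5 of its image and the path it is loaded from. As an added example that is not part of this thread or of any IObit or Kaspersky tool, here is a small Python triage script that parses that log format and does what a helper does by eye: it groups services that share one driver image (Tcpip/TCPIP6 and WANARP/Wanarpv6 above are normal), flags drivers loaded from outside the usual Windows, Program Files and ProgramData locations, and collects the distinct hashes so they can be compared with a known-good list. The sample lines are copied from the log above plus one constructed "exampledrv" entry in a Temp folder to exercise the location check; that entry, its all-zero hash and the EXPECTED_DIRS list are assumptions of the example, not findings from this log.

```python
"""Triage helper for a TDSSKiller-style driver inventory log (added example).

Parses lines of the form
    2010/11/23 02:34:45.0217 Tcpip (bb7f39c3...) C:\\Windows\\system32\\drivers\\tcpip.sys
into (service name, md5, path) records, then reports shared images,
unexpected load locations and the distinct hash set.
"""
import re
from collections import defaultdict

# timestamp, service name, 32-hex MD5 in parentheses, then the image path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption of this example: directories a Windows 7 driver is normally
# loaded from. Compared case-insensitively because the log mixes DRIVERS/drivers.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\program files\\",
    "c:\\programdata\\",
)

# Constructed sample: six lines from the thread's log, the two trailer lines,
# and one made-up "exampledrv" entry in a Temp folder (not from the thread).
SAMPLE_LOG = r"""
2010/11/23 02:34:45.0217 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/11/23 02:34:45.0404 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/23 02:34:49.0585 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/23 02:34:49.0600 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/23 02:34:38.0883 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys
2010/11/23 02:34:41.0207 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/23 02:34:50.0739 ================================================================================
2010/11/23 02:34:50.0739 Scan finished
2010/11/23 02:34:51.0000 exampledrv (00000000000000000000000000000000) C:\Users\user\AppData\Local\Temp\exampledrv.sys
"""


def parse_log(text):
    """Return (name, md5, path) tuples; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["name"], m["md5"].lower(), m["path"]))
    return entries


def shared_files(entries):
    """Map md5 -> sorted service names, for images loaded under more than one name."""
    by_hash = defaultdict(set)
    for name, md5, _ in entries:
        by_hash[md5].add(name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def unexpected_locations(entries):
    """Return (name, path) for drivers whose path is outside EXPECTED_DIRS."""
    flagged = []
    for name, _, path in entries:
        lowered = path.lower()
        if not any(lowered.startswith(d) for d in EXPECTED_DIRS):
            flagged.append((name, path))
    return flagged


def distinct_hashes(entries):
    """Sorted list of the distinct MD5 values, ready for a known-good lookup."""
    return sorted({md5 for _, md5, _ in entries})


def triage(text):
    """Run all three checks over a log and return them as one report dict."""
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "shared": shared_files(entries),
        "unexpected": unexpected_locations(entries),
        "hashes": distinct_hashes(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"parsed {report['entries']} driver entries, {len(report['hashes'])} distinct images")
    for md5, names in report["shared"].items():
        print(f"shared image {md5}: {', '.join(names)}")
    for name, path in report["unexpected"]:
        print(f"REVIEW: {name} loads from {path}")
```

Services sharing an image are usually just two registry service names pointing at one file, as with tcpip.sys here; the list is there so a reviewer can confirm that quickly. The location check is the more useful one: a kernel driver loaded from a user profile or Temp folder is worth a second look even when its hash is not known to be bad.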

Posted

How's your computer running now?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan log.

Posted

Here is my ESET online scan log file:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=addc90f66999c04391635f51a234068c

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-23 04:38:21

# local_time=2010-11-23 04:38:21 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=3588 16777214 85 83 7200 14059684 0 0

# compatibility_mode=5893 16776574 100 94 1447305 42948780 0 0

# compatibility_mode=8192 67108863 100 0 3695 3695 0 0

# scanned=68488

# found=1

# cleaned=1

# scan_time=4713

C:\MGtools\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Posted

Hello

 

Unfortunately I am having the original problem of unexpected shutdown.

 

I am still quite concerned about this. I think it is something to do with the kernel, though I am not qualified to make this judgement.

Posted
Unfortunately I am having the original problem of unexpected shutdown.

This sounds like a hardware problem. Could your computer be overheating? Download SpeedFan and check the temps. Is the computer clean inside? Did you check to see if everything is secure: cables and components?

 

Do you have your OS CD/DVD?

 

If so,

 

1/ Click the Start button.

 

2/ From the Start Menu, Click All programs followed by Accessories.

 

3/ In the Accessories menu, right-click on the Command Prompt option.

 

4/ From the drop-down menu that appears, click on the Run as administrator option.

 

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

 

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

 

7/ A message will appear stating that the system scan will begin.

 

8/ Be patient because the scan may take some time.

 

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

 

10/ If everything is okay you should, after the scan, see the following message: "Windows Resource Protection did not find any integrity violations."

 

11/ After the scan has completed, Close the command prompt window.

Posted

Hello

 

I ran sfc /scannow and it stated it did NOT find any file integrity violations/problems.

 

I have a laptop; I have checked it and it is clean.

But my fan is running more than usual and is louder than usual.

I went to my manufacturer's web site and downloaded and installed all my drivers, inc. chipset, graphics, network etc.

But this has not fixed my issue.

My laptop and internet browsing are pretty slow.

 

Can you help me fix this?

Posted
Can you help me fix this?

I'm sorry but I only deal with malware. Perhaps you could start a new thread in the General Discussion forum to get some help with that. Let's do some cleanup.

 

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.

* Now type commy /uninstall in the Run box

* Make sure there's a space between commy and /Uninstall

* Then hit Enter

 

* The above procedure will:

* Delete the following:

* ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

**********************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*****************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

************************************************************

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.


----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

 

*******************************************

Please run this next scan and post the log for the Administration

* Open IObit Security 360.

* Click the Update button and download any available updates.

* Choose Quarantine threats when removing them in Scan Parameters of Scan Setting in Options.

* Click Apply and OK buttons.

* Next (on the left) click the Scan button.

* Choose the Full Scan (Scan all hard drives in your computer) option to begin the scan.

* Once the scan has completed click Remove

* Next click Save a Report

* Post the IObit Security 360.log in your next reply.
