#1
December 18th, 2011, 05:33 AM
ephie
Member
 
Join Date: Jun 2011
Posts: 51
No idea what's going on - moved by Jintan

For some reason my netbook keeps freezing up - completely - and I'm forced to do a manual shutdown. The lock-up occurs when I'm surfing the Internet, so I'm thinking the netbook is infected with some sort of malware. Please let me know what I need to do to check this problem out, because it is far from normal and extremely distracting and bothersome.
Thanks for your help!


#2
December 18th, 2011, 11:00 PM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,520
Hello ephie,

Let's take a look.

If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and it will make sure we get a good view of everything.
#3
January 15th, 2012, 04:55 AM
ephie
Member
 
Join Date: Jun 2011
Posts: 51
It's been a while since I first posted with my computer issues, but it's gotten worse. There was this weird "Windows" update that happened, which occurred when my computer started up this past week. It read "Update 28 of 28" or "Update 14 of 14" or something similar, but it was weird and not like a normal Windows update. So, my streaming video is really off - like skipping and pausing or having buffering issues that it never had before...

Well, I ran the three scans you asked for -- and here are the outputs.


Please let me know how to fix my computer =( Thank you!


OTL.exe output:
OTL logfile created on: 1/14/2012 6:31:50 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eph Fane\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.07% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 75.18 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 42.29 Gb Free Space | 35.88% Space Free | Partition Type: NTFS

Computer Name: EPHFANE | User Name: Eph Fane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 01:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eph Fane\Downloads\OTL(1).exe
PRC - [2011/10/10 17:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/02 13:46:16 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/08/09 14:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/06/11 20:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010/06/09 23:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/06/09 13:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/05/28 15:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/06 21:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009/09/11 10:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 18:11:56 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/15 04:37:33 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/15 04:37:31 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/15 04:37:28 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/15 04:35:58 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 04:35:32 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 20:06:26 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 20:06:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 20:06:10 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 20:05:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/10 17:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/02 13:55:39 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.26258__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/09/02 13:55:35 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/06/14 23:24:18 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\AsusWSShellExt.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 02:22:35 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 02:22:35 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/04 22:50:58 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/04 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120113.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120113.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/08 16:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/27 09:57:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 02:37:38 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/05/10 01:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/30 17:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/20 01:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/08 09:25:02 | 000,130,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremSoundMon_i386.sys -- (SRS_PremSoundMon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/20 19:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/20 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/08/06 09:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8 [2012/01/14 15:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 15:20:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/14 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Extensions
[2012/01/07 01:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions
[2011/07/17 16:53:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/08/19 21:33:10 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/08/05 14:05:25 | 000,002,468 | ---- | M] () -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\searchplugins\safesearch.xml
[2011/09/01 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\EPH FANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRX23XEF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/14 15:20:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/02 21:36:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 21:47:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/08/02 15:11:50 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe (eCareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eph Fane\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42D8B9DB-96DC-4C50-93E3-CD2173CBBAA7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell - "" = AutoRun
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2030/01/02 03:00:59 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/01/11 15:28:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/11 15:28:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/11 15:28:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2010/07/28 23:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 17:28:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/14 15:38:39 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 15:38:39 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 15:31:36 | 000,001,858 | ---- | M] () -- C:\Users\Eph Fane\Desktop\MySyncFolder.lnk
[2012/01/14 15:31:01 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 15:20:27 | 000,002,002 | ---- | M] () -- C:\Users\Eph Fane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/11 17:49:55 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/11 17:49:55 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/07 01:07:14 | 000,113,132 | ---- | M] () -- C:\Users\Eph Fane\Desktop\Chen_Resume_2011.pdf
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2030/01/02 03:01:00 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/01/07 03:41:16 | 000,113,132 | ---- | C] () -- C:\Users\Eph Fane\Desktop\Chen_Resume_2011.pdf
[2011/05/18 15:09:12 | 000,001,940 | ---- | C] () -- C:\Users\Eph Fane\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/29 17:35:08 | 000,130,472 | ---- | C] () -- C:\windows\System32\drivers\SRS_PremSoundMon_i386.sys
[2011/03/27 01:25:56 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/02/23 21:55:55 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/02/19 18:18:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/02/19 01:29:54 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/02/19 01:25:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/02/19 01:25:39 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/09/02 13:48:30 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/09/02 13:48:30 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/09/02 13:44:20 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/09/02 13:43:20 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2010/09/02 13:39:46 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:33:53 | 000,284,672 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/25 22:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

< End of report >

Last edited by ephie; January 15th, 2012 at 05:00 AM.
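As an added example (not code from this thread, from OldTimer's OTL, or from the forum's helpers), here is a small Python triage helper that parses OTL entries of the kind shown in the log above and flags what a helper usually looks at first: running processes, services and drivers with no publisher name, autorun entries whose target file is missing, timestamps later than the scan itself, and processes started from user-profile folders. The sample log is constructed from lines copied out of the post; the heuristics and the names `parse_otl`, `triage` and `parse_header_date` are this example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL "bracket" records, e.g.
#   PRC - [2012/01/14 01:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\...\OTL(1).exe
#   SRV - [...] (Symantec Corporation) [Unknown | Running] -- C:\...\ccSvcHst.exe -- (N360)
#   [2030/01/02 03:00:59 | 000,000,000 | -HSD | C] -- C:\Boot      (file sections, no kind prefix)
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV)\s+-\s+)?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]\s+"
    r"(?:\((?P<company>[^)]*)\)\s*)?"          # publisher name, may be empty "()"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"           # service/driver start type and state
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<svc>[^)]*)\).*)?$"      # optional trailing "-- (ServiceName) ..."
)
# O4 autorun records, e.g.  O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
# Locations an ordinary user can write to; a process running from here deserves a second look.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV, DRV or FILE
    timestamp: datetime
    size: int
    attrs: str
    company: Optional[str]    # None when the record carries no "(...)" field
    path: str
    service: Optional[str] = None


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: str
    company: Optional[str]
    missing: bool             # OTL printed "File not found" for the target


def parse_header_date(lines) -> Optional[datetime]:
    """Scan time from the 'OTL logfile created on:' header (M/d/yyyy h:mm:ss AM/PM)."""
    for line in lines:
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return None


def parse_otl(text: str) -> Tuple[List[Entry], List[Autorun]]:
    entries: List[Entry] = []
    autoruns: List[Autorun] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                kind=m.group("kind") or "FILE",
                timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                company=m.group("company"),
                path=m.group("path"),
                service=m.group("svc"),
            ))
            continue
        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith(" File not found"):
                autoruns.append(Autorun(m.group("hive"), m.group("key"), m.group("name"),
                                        rest[:-len(" File not found")], None, True))
            else:
                pm = re.match(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$", rest)
                path, company = (pm.group("path"), pm.group("company")) if pm else (rest, None)
                autoruns.append(Autorun(m.group("hive"), m.group("key"), m.group("name"),
                                        path, company, False))
    return entries, autoruns


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (reason, item) pairs worth a closer look; nothing here is a verdict on its own."""
    scan_time = parse_header_date(text.splitlines())
    entries, autoruns = parse_otl(text)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        # Code executing with no publisher information at all (OTL prints "()").
        if e.kind in ("PRC", "SRV", "DRV") and not (e.company or "").strip():
            findings.append(("no-publisher", e.path))
        # A modification time after the scan cannot be genuine.
        if scan_time and e.timestamp > scan_time:
            findings.append(("future-timestamp", e.path))
        # Processes launched from user-writable folders (this also catches OTL itself in Downloads).
        if e.kind == "PRC" and USER_WRITABLE_RE.search(e.path):
            findings.append(("user-writable-location", e.path))
    for a in autoruns:
        if a.missing:  # leftover Run key pointing at a file that no longer exists
            findings.append(("orphaned-autorun", a.key + "\\" + a.name))
    return findings


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""OTL logfile created on: 1/14/2012 6:31:50 PM - Run 5
PRC - [2012/01/14 01:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eph Fane\Downloads\OTL(1).exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
[2030/01/02 03:00:59 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/01/11 15:28:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
"""

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:24} {item}")
```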
#4
January 15th, 2012, 04:56 AM
ephie
Member
 
Join Date: Jun 2011
Posts: 51
Here's the Extras.txt output:

OTL logfile created on: 1/14/2012 6:31:50 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eph Fane\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.07% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 75.18 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 42.29 Gb Free Space | 35.88% Space Free | Partition Type: NTFS

Computer Name: EPHFANE | User Name: Eph Fane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 01:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eph Fane\Downloads\OTL(1).exe
PRC - [2011/10/10 17:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/02 13:46:16 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/08/09 14:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/06/11 20:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010/06/09 23:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/06/09 13:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/05/28 15:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/06 21:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009/09/11 10:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 18:11:56 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/15 04:37:33 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/15 04:37:31 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/15 04:37:28 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/15 04:35:58 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 04:35:32 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 20:06:26 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 20:06:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 20:06:10 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 20:05:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/10 17:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/02 13:55:39 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.26258__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/09/02 13:55:35 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/06/14 23:24:18 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\AsusWSShellExt.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 02:22:35 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 02:22:35 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/04 22:50:58 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/04 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120113.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120113.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/08 16:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/27 09:57:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 02:37:38 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/05/10 01:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/30 17:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/20 01:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/08 09:25:02 | 000,130,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremSoundMon_i386.sys -- (SRS_PremSoundMon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/20 19:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/20 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/08/06 09:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8 [2012/01/14 15:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 15:20:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/14 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Extensions
[2012/01/07 01:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions
[2011/07/17 16:53:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/08/19 21:33:10 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/08/05 14:05:25 | 000,002,468 | ---- | M] () -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\searchplugins\safesearch.xml
[2011/09/01 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\EPH FANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRX23XEF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/14 15:20:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/02 21:36:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 21:47:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/08/02 15:11:50 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe (eCareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eph Fane\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42D8B9DB-96DC-4C50-93E3-CD2173CBBAA7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell - "" = AutoRun
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2030/01/02 03:00:59 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/01/11 15:28:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/11 15:28:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/11 15:28:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2010/07/28 23:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 17:28:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/14 15:38:39 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 15:38:39 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 15:31:36 | 000,001,858 | ---- | M] () -- C:\Users\Eph Fane\Desktop\MySyncFolder.lnk
[2012/01/14 15:31:01 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 15:20:27 | 000,002,002 | ---- | M] () -- C:\Users\Eph Fane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/11 17:49:55 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/11 17:49:55 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/07 01:07:14 | 000,113,132 | ---- | M] () -- C:\Users\Eph Fane\Desktop\Chen_Resume_2011.pdf
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2030/01/02 03:01:00 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/01/07 03:41:16 | 000,113,132 | ---- | C] () -- C:\Users\Eph Fane\Desktop\Chen_Resume_2011.pdf
[2011/05/18 15:09:12 | 000,001,940 | ---- | C] () -- C:\Users\Eph Fane\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/29 17:35:08 | 000,130,472 | ---- | C] () -- C:\windows\System32\drivers\SRS_PremSoundMon_i386.sys
[2011/03/27 01:25:56 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/02/23 21:55:55 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/02/19 18:18:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/02/19 01:29:54 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/02/19 01:25:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/02/19 01:25:39 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/09/02 13:48:30 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/09/02 13:48:30 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/09/02 13:44:20 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/09/02 13:43:20 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2010/09/02 13:39:46 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:33:53 | 000,284,672 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/25 22:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

< End of report >
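The OTL report above is the kind of listing a malware-removal helper reads by eye, looking for a few recurring signals. As an added example (not code from the thread, from OTL, or from Cyber Tech Help), the Python below parses the PRC/SRV/DRV/MOD entry layout together with the O4 Run and O33 MountPoints2 lines and flags what usually earns a second look: processes, services and drivers whose version information carries no company name, Run values whose target file is missing, and removable-media AutoRun commands. The field layout is inferred from the report itself, the sample lines are copied from it, and the rule names and severities are choices made here, not OTL's.

```python
"""Triage OTL (OldTimer's diagnostic tool) log lines.
Added example; not code from the thread or from OTL. The entry layout is inferred
from the report above and the sample lines are copied from that report."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# "DRV - [date | size | attrs | M] (Company) [Type | Start | State] -- path -- (service) trailing text"
# PRC and MOD lines have no [state] block; lines without a service name end at the path.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<rest>.*))?$"
)
# "O4 - HKLM..\Run: [Entry] path (Company)"  or  "O4 - ... [Entry] path File not found"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<entry>[^\]]*)\] "
    r"(?P<target>.+?)(?: \((?P<company>[^)]*)\)| (?P<status>File not found))$"
)
# Removable-media AutoRun command recorded under MountPoints2
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (severity scale is an assumption of this example)
    rule: str
    detail: str


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per line that matches a triage rule, in input order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            kind, path = m["kind"], m["path"]
            company = m["company"].strip()  # OTL prints "()" or "( )" when version info has no company
            state = m["state"] or ""
            # Native-image (.ni.dll) modules routinely carry no company name, so MOD is skipped;
            # a process, service or kernel driver without one is worth checking by hand.
            if kind in ("PRC", "SRV", "DRV") and not company:
                severity = "high" if kind == "DRV" and "Running" in state else "medium"
                findings.append(Finding(severity, "no-company-name", f"{kind} {path}"))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["status"]:
                # A Run value whose target is gone is clutter, sometimes left behind by a removal.
                findings.append(Finding("low", "run-target-missing", f"[{m['entry']}] {m['target']}"))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(Finding("medium", "removable-autorun", f"{m['volume']} -> {m['command']}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


# Sample input: lines copied from the OTL report posted above.
SAMPLE_OTL_LINES = [
    r"PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe",
    r"PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe",
    r"MOD - [2011/10/10 17:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll",
    r"SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)",
    r"DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)",
    r"DRV - [2009/07/20 01:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)",
    r"DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)",
    r"O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)",
    r"O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\E\Shell - "" = AutoRun',
    r'O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.severity:6} {f.rule:20} {f.detail}")
```

The company string OTL prints comes from the file's version resource, not from a signature check, so an empty one (as on AsusService.exe, esgiguard.sys and kbfiltr.sys above) is a prompt to look at the file, not a verdict; the script's job is only to pull those lines out of a long report.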
  #5  
Old January 15th, 2012, 04:58 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
The initial Gmer scan found something -- and here's the copy-paste of the output:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-14 19:03:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01
Running: tg01ztl5.exe; Driver: C:\Users\EPHFAN~1\AppData\Local\Temp\uxddapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  #6  
Old January 15th, 2012, 04:58 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
Here's the aswMBR.txt output:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-14 19:06:34
-----------------------------
19:06:34.786 OS Version: Windows 6.1.7601 Service Pack 1
19:06:34.786 Number of processors: 4 586 0x1C0A
19:06:34.801 ComputerName: EPHFANE UserName:
19:06:36.486 Initialize success
19:07:11.882 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:07:11.897 Disk 0 Vendor: WDC_WD2500BEVT-80A23T0 01.01A01 Size: 238475MB BusType: 11
19:07:11.944 Disk 0 MBR read successfully
19:07:11.944 Disk 0 MBR scan
19:07:11.960 Disk 0 Windows 7 default MBR code
19:07:11.991 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
19:07:12.022 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
19:07:12.038 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528
19:07:12.085 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840
19:07:12.100 Disk 0 scanning sectors +488397168
19:07:12.646 Disk 0 scanning C:\windows\system32\drivers
19:07:20.821 Service scanning
19:07:23.083 Modules scanning
19:07:42.458 Disk 0 trace - called modules:
19:07:42.520 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:07:42.551 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854dc350]
19:07:42.583 3 CLASSPNP.SYS[892d459e] -> nt!IofCallDriver -> [0x8538f918]
19:07:42.614 5 ACPI.sys[88a883d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85382908]
19:07:42.645 Scan finished successfully
19:34:07.459 Disk 0 MBR has been saved successfully to "C:\Users\Eph Fane\Documents\pulire\New folder\MBR.dat"
19:34:07.490 The log file has been saved successfully to "C:\Users\Eph Fane\Documents\pulire\New folder\aswMBR.txt"
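The aswMBR log above reports default Windows 7 MBR code and four partitions with sizes in MB and offsets in sectors. As an added example (not part of the thread or of aswMBR), the Python below parses those lines and does the arithmetic a reviewer of an MBR scan does by hand: each partition's size is converted to sectors and its end compared with the next partition's offset, so the table is checked for overlaps and for unallocated sectors between partitions, and the boot-flag count, hidden type codes and fit against the reported disk size are checked as well. The sample lines are copied from the log; the 512-byte sector size and the list of hidden type codes are assumptions stated in the code.

```python
"""Sanity-check the partition table printed by aswMBR, from its log lines.
Added example, not code from the thread or from aswMBR; sample lines are copied from
the aswMBR.txt posted above, the sector size and hidden-type list are assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTORS_PER_MB = (1024 * 1024) // 512  # assumes 512-byte sectors; aswMBR sizes are in MiB
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # DOS "hidden" type codes (bit 0x10 set)

# e.g. "Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048"
PARTITION_RE = re.compile(
    r"Disk \d+ Partition (?P<index>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) .+? (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
DISK_SIZE_RE = re.compile(r"Disk \d+ Vendor: .* Size: (?P<size_mb>\d+)MB\b")
MBR_CODE_RE = re.compile(r"Disk \d+ (?P<code>.+ MBR code)$")


@dataclass
class Partition:
    index: int
    bootable: bool
    type_code: int
    start_sector: int
    size_mb: int

    @property
    def end_sector(self) -> int:  # first sector after the partition (exclusive end)
        return self.start_sector + self.size_mb * SECTORS_PER_MB


@dataclass
class Report:
    partitions: List[Partition] = field(default_factory=list)
    mbr_code: Optional[str] = None
    disk_size_mb: Optional[int] = None
    boot_partitions: List[int] = field(default_factory=list)
    hidden_partitions: List[int] = field(default_factory=list)
    gaps: List[int] = field(default_factory=list)  # sectors before each partition; negative = overlap
    fits_disk: Optional[bool] = None


def analyze_aswmbr(lines: List[str]) -> Report:
    report = Report()
    for line in map(str.strip, lines):
        if (m := PARTITION_RE.search(line)):
            report.partitions.append(Partition(
                index=int(m["index"]),
                bootable=(int(m["boot"], 16) & 0x80) != 0,
                type_code=int(m["type"], 16),
                start_sector=int(m["offset"]),
                size_mb=int(m["size_mb"]),
            ))
        elif (m := DISK_SIZE_RE.search(line)):
            report.disk_size_mb = int(m["size_mb"])
        elif (m := MBR_CODE_RE.search(line)):
            report.mbr_code = m["code"]

    report.partitions.sort(key=lambda p: p.start_sector)
    previous_end = 0  # sector 0 holds the MBR itself
    for p in report.partitions:
        if p.bootable:
            report.boot_partitions.append(p.index)
        if p.type_code in HIDDEN_TYPES:
            report.hidden_partitions.append(p.index)
        # In a healthy table each partition starts exactly where the previous one ends (gap 0).
        report.gaps.append(p.start_sector - previous_end)
        previous_end = max(previous_end, p.end_sector)
    if report.disk_size_mb is not None and report.partitions:
        # The reported size is rounded down to whole MiB, so allow one extra MiB of sectors.
        report.fits_disk = previous_end <= (report.disk_size_mb + 1) * SECTORS_PER_MB
    return report


def notes(report: Report) -> List[str]:
    """Observations a reviewer would call out in a reply."""
    out = []
    if len(report.boot_partitions) != 1:
        out.append(f"boot flag set on {len(report.boot_partitions)} partitions, expected 1")
    for p, gap in zip(report.partitions, report.gaps):
        if gap > 0:
            out.append(f"{gap} unallocated sectors before partition {p.index}")
        elif gap < 0:
            out.append(f"partition {p.index} overlaps its predecessor by {-gap} sectors")
    for i in report.hidden_partitions:
        out.append(f"partition {i} uses a hidden type code (usual for OEM recovery partitions)")
    if report.fits_disk is False:
        out.append("partition table extends past the reported disk size")
    return out


# Sample input: lines copied from the aswMBR.txt posted above.
SAMPLE_ASWMBR_LINES = [
    "19:07:11.897 Disk 0 Vendor: WDC_WD2500BEVT-80A23T0 01.01A01 Size: 238475MB BusType: 11",
    "19:07:11.960 Disk 0 Windows 7 default MBR code",
    "19:07:11.991 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048",
    "19:07:12.022 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248",
    "19:07:12.038 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528",
    "19:07:12.085 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840",
]
```

Run against the posted log, the four partitions are contiguous (102400 MB is 209715200 sectors, which added to offset 2048 gives exactly the 209717248 offset of partition 2, and so on down the table), the only unallocated run is the standard 2048-sector alignment gap before the first partition, one partition carries the boot flag, and the table ends at sector 488396800, within the reported 238475 MB. That is consistent with aswMBR's own "Windows 7 default MBR code" verdict; a gap or overlap appearing where none should be is what would justify a closer look at the MBR.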
  #7  
Old January 15th, 2012, 11:56 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,520
SpyHunter - Last I read on that it was considered a rogue software, but either way, it is not recommended to have installed. And likely the problem source there. But you posted the main OTL.log twice, and that second one would show the installed software. If OTL did not create a second Extras.txt, please do the following (though just post the Extras.txt if it's there):

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  #8  
Old January 20th, 2012, 06:23 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
I couldn't find the Extras.txt file so I've posted the HijackThis output below.

By the way, that weird update I mentioned above happened again... I noticed the night before, my netbook notified me that I needed to restart or shutdown with new updates, presumably from Microsoft. When I started my computer today, the computer automatically went to a black screen with one line saying, "Applying Update 417 of 417........" with a partial file address in parentheses, something with "registry\" in it. I didn't catch it in time...

My online surfing and streaming video have been lagging and skipping and it's awful and not normal.

Thanks!
---
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
ASUS WebStorage
AsusScreensaver
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Broadcom Wireless Network Adapter
CapsHook
CyberLink YouCam
CyberLink YouCam
DivX Setup
EeeSplendid
ETDWare PS/2-x86 7.0.5.13_WHQL
Free YouTube to MP3 Converter version 3.10.9.908
GraphicsSwitch
HijackThis 2.0.2
Hotkey Service
Intel(R) Graphics Media Accelerator Driver
LiveUpdate
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Norton Security Suite
NVIDIA Display Control Panel
NVIDIA Drivers
OOBERegBackup
PDFCreator
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
ScreenSaverPatch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SpyHunter
SRS Premium Sound for Monitors
Super Hybrid Engine
Trend Micro Titanium
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
ViewSonic Windows 7 Signed Files
WIDCOMM Bluetooth Software
  #9  
Old January 21st, 2012, 01:22 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,520
Quote:
Applying Update 417 of 417
You would have to be very seriously behind in Windows updates to hit such a high number. Even on raw systems I see maybe 108 or so, tops. I wonder if these are Asus updates, since Asus has more and more ventured into adding its own software to its systems. No malware trick I am aware of, and none showing here except for unwanted software we are about to address.

So only SpyHunter showing, which truly may be causing the problems there.

Temp disable all security programs.


Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

SpyHunter

--------

Remember - right click/Run as administrator all installs.


Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.60.01800.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  #10  
Old February 20th, 2012, 05:34 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
Hi, sorry it's taken me so long to do the scans but I'm still trying to figure out what's going on with my netbook. I've uninstalled SpyHunter but the de-installation didn't go smoothly and I don't know how to make sure it was clean.

I ran the two scans you told me to and they came up empty...

mbam log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Eph Fane :: EPHFANE [administrator]

2/18/2012 12:06:58 AM
mbam-log-2012-02-18 (00-06-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166159
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--

Eset came up with nothing as well...

But everything on my netbook is sluggish and windows/programs are always "not responding"... so are there any other scans we can do to try and figure this out? Also, is there another security program that scans for spyware and other malware that you can recommend since SpyHunter isn't recommended?

Thanks,
Eph
  #11  
Old February 21st, 2012, 12:09 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,520
SpyHunter, if it was worth a hoot, would have just supplemented your existing Norton antivirus, which you can now use Malwarebytes for.

Reboot to Safe Mode, and see if things run better then, when most of Norton will be disabled. May be that Norton has become corrupted, though it tends to bring slowness with it anyway.

At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

If things are okay then, may need to save any Norton registration keys for a reinstall, and temporarily uninstall it. But check first please.
  #12  
Old February 21st, 2012, 12:11 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,520
While in Safe Mode with Networking, go ahead and run this scan - see if something is sneaking past us here.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #13  
Old March 6th, 2012, 02:11 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
Hi - It's been a while and I just haven't had the time to do those scans you suggested -- but right when I was going to do them, something really really weird happened. I had left my netbook on (with two Internet windows open - one Chrome streaming video and one Firefox with some static pages) for less than an hour and I came back only to press play on the netflix page -- which started fine but then the whole screen froze and I couldn't move my cursor -- but then the windows started flickering and I tried shift+alt+del to get to the task manager or to shut it down but that didn't work (the screen went towards being locked but then went directly back to the two internet windows without any prompting so I repeated that a few times -- and then I just tried moving the cursor to the start menu to get to the shut down but the "pull-down" menu/side menu wouldn't stay put for long enough (flickered in and out or rather slide in and then disappeared) for me to actually click on shut down... and then after a few minutes of this, the computer just shut down by itself. ... After that, I started up the computer after a few minutes in safe mode to run a full system scan in norton and that didn't turn up anything... I decided to re-run the scans you had me do in the beginning of this post. Mostly because I hadn't copied down your most recent instructions and because I wanted to see if there was anything new that could be causing this weirdness to happen. I did uninstall SpyHunter and I did install Chrome recently.

Hopefully my doing those scans again didn't mess anything up and will be helpful in diagnosing this problem... especially since I have SpyHunter uninstalled now. So here is all the output:

OTL -
OTL logfile created on: 3/4/2012 11:36:11 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eph Fane\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.77% Memory free
4.00 Gb Paging File | 3.24 Gb Available in Paging File | 80.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 75.16 Gb Free Space | 75.16% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 31.39 Gb Free Space | 26.63% Space Free | Partition Type: NTFS

Computer Name: EPHFANE | User Name: Eph Fane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 01:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eph Fane\Downloads\OTL(1).exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/02 13:46:16 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/08/09 14:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/06/11 20:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010/06/09 23:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/06/09 13:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/05/28 15:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/06 21:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009/09/11 10:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 20:38:29 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/19 20:19:06 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
MOD - [2012/02/19 20:19:04 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
MOD - [2012/02/19 20:19:01 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/19 20:12:10 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/19 20:11:27 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/19 20:09:51 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/19 20:09:27 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/19 20:09:20 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 20:05:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/02 13:55:39 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.26258__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/09/02 13:55:35 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/06/14 23:24:18 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\AsusWSShellExt.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/05/21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/18 16:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/23 17:40:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120304.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/23 17:40:27 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/23 17:40:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120304.006\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/20 18:40:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/20 18:39:22 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/17 16:28:52 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120303.003\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/15 21:50:02 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/20 17:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/27 09:57:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 02:37:38 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/05/10 01:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/30 17:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/20 01:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/08 09:25:02 | 000,130,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremSoundMon_i386.sys -- (SRS_PremSoundMon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eph Fane\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eph Fane\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/20 19:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/20 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/20 18:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/03/04 23:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 17:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/14 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Extensions
[2012/01/21 15:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions
[2011/07/17 16:53:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/02/22 17:51:01 | 000,002,468 | ---- | M] () -- C:\Users\Eph Fane\AppData\Roaming\Mozilla\Firefox\Profiles\vrx23xef.default\searchplugins\safesearch.xml
[2011/09/01 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/04 23:31:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_5_2
[2012/02/20 18:55:54 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\EPH FANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRX23XEF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\EPH FANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRX23XEF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/02/22 17:46:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 17:46:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/22 17:46:46 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eph Fane\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eph Fane\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eph Fane\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eph Fane\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DivX HiQ = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Eph Fane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/08/02 15:11:50 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe (eCareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1279027443-2274798117-2798656859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eph Fane\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42D8B9DB-96DC-4C50-93E3-CD2173CBBAA7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell - "" = AutoRun
O33 - MountPoints2\{25d521e5-6d43-11e0-a8f8-20cf30683989}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2030/01/02 03:00:59 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/02/25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Eph Fane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/20 18:52:18 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\symefa.sys
[2012/02/20 18:52:18 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\symds.sys
[2012/02/20 18:52:18 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\symnets.sys
[2012/02/20 18:52:18 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\srtspx.sys
[2012/02/20 18:52:17 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\srtsp.sys
[2012/02/20 18:52:17 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\N360\0502000.00D\ironx86.sys
[2012/02/20 18:51:43 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\N360\0502000.00D
[2012/02/20 18:31:17 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/02/20 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/20 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/20 18:30:45 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2012/02/20 18:30:30 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\N360
[2012/02/20 18:30:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2012/02/20 18:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/02/20 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/17 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\Eph Fane\AppData\Roaming\Malwarebytes
[2012/02/17 21:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 21:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/17 21:23:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/17 21:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 17:35:08 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/17 17:34:43 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/07/28 23:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 23:39:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 23:39:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 23:32:17 | 000,001,858 | ---- | M] () -- C:\Users\Eph Fane\Desktop\MySyncFolder.lnk
[2012/03/04 23:31:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/04 23:31:10 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 22:56:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279027443-2274798117-2798656859-1000UA.job
[2012/03/04 17:56:02 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279027443-2274798117-2798656859-1000Core.job
[2012/02/25 17:52:15 | 000,002,293 | ---- | M] () -- C:\Users\Eph Fane\Desktop\Google Chrome.lnk
[2012/02/20 18:55:09 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/02/20 18:54:40 | 001,482,020 | ---- | M] () -- C:\windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/20 18:40:16 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/02/20 18:40:16 | 000,007,468 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/02/20 18:40:16 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/02/20 18:29:54 | 000,001,329 | ---- | M] () -- C:\Users\Eph Fane\Desktop\Norton Installation Files.lnk
[2012/02/19 21:07:29 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/19 21:07:29 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/19 20:07:18 | 000,284,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/04 15:05:01 | 000,001,994 | ---- | M] () -- C:\Users\Eph Fane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2030/01/02 03:01:00 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/02/25 17:52:15 | 000,002,293 | ---- | C] () -- C:\Users\Eph Fane\Desktop\Google Chrome.lnk
[2012/02/25 17:51:11 | 000,000,920 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279027443-2274798117-2798656859-1000UA.job
[2012/02/25 17:51:10 | 000,000,868 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279027443-2274798117-2798656859-1000Core.job
[2012/02/20 18:53:51 | 001,482,020 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/20 18:52:18 | 000,007,458 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symnet.cat
[2012/02/20 18:52:18 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symefa.cat
[2012/02/20 18:52:18 | 000,003,373 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symefa.inf
[2012/02/20 18:52:18 | 000,002,792 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symds.inf
[2012/02/20 18:52:18 | 000,001,445 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symnet.inf
[2012/02/20 18:52:17 | 000,007,528 | R--- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\iron.cat
[2012/02/20 18:52:17 | 000,007,454 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\srtspx.cat
[2012/02/20 18:52:17 | 000,007,450 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\srtsp.cat
[2012/02/20 18:52:17 | 000,001,389 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\srtspx.inf
[2012/02/20 18:52:17 | 000,001,383 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\srtsp.inf
[2012/02/20 18:52:17 | 000,000,742 | R--- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\iron.inf
[2012/02/20 18:51:48 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\symds.cat
[2012/02/20 18:51:43 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/02/20 18:31:17 | 000,007,468 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/02/20 18:31:17 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/02/20 18:31:07 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/05/18 15:09:12 | 000,001,940 | ---- | C] () -- C:\Users\Eph Fane\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/29 17:35:08 | 000,130,472 | ---- | C] () -- C:\windows\System32\drivers\SRS_PremSoundMon_i386.sys
[2011/03/27 01:25:56 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/02/23 21:55:55 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/02/19 18:18:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/02/19 01:29:54 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/02/19 01:25:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/02/19 01:25:39 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/09/02 13:48:30 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/09/02 13:48:30 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/09/02 13:44:20 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/09/02 13:43:20 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2010/09/02 13:39:46 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:33:53 | 000,284,672 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/25 22:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

< End of report >
  #14  
Old March 6th, 2012, 02:14 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
There was no Extras.txt output from the OTL scan.

Here is the GMER initial scan. It came up with something, so I didn't continue with the rest of the scan, per your original instructions:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-04 23:46:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01
Running: tg01ztl5.exe; Driver: C:\Users\EPHFAN~1\AppData\Local\Temp\uxddapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

The aswMBR scan:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-03-04 23:47:40
-----------------------------
23:47:40.287 OS Version: Windows 6.1.7601 Service Pack 1
23:47:40.287 Number of processors: 4 586 0x1C0A
23:47:40.287 ComputerName: EPHFANE UserName:
23:47:41.348 Initialize success
23:47:55.681 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:47:55.681 Disk 0 Vendor: WDC_WD2500BEVT-80A23T0 01.01A01 Size: 238475MB BusType: 11
23:47:55.728 Disk 0 MBR read successfully
23:47:55.728 Disk 0 MBR scan
23:47:55.743 Disk 0 Windows 7 default MBR code
23:47:55.759 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
23:47:55.790 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
23:47:55.821 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528
23:47:55.852 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840
23:47:55.868 Disk 0 scanning sectors +488397168
23:47:56.398 Disk 0 scanning C:\windows\system32\drivers
23:48:03.808 Service scanning
23:48:05.665 Modules scanning
23:48:20.126 Disk 0 trace - called modules:
23:48:20.173 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
23:48:20.188 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854e6648]
23:48:20.220 3 CLASSPNP.SYS[892aa59e] -> nt!IofCallDriver -> [0x85384918]
23:48:20.251 5 ACPI.sys[88aa43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8538f908]
23:48:20.266 Scan finished successfully
23:48:38.799 Disk 0 MBR has been saved successfully to "C:\Users\Eph Fane\Documents\pulire\New folder\New folder\MBR.dat"
23:48:38.815 The log file has been saved successfully to "C:\Users\Eph Fane\Documents\pulire\New folder\New folder\aswMBR.txt"


The uninstall list from HJT:
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
ASUS WebStorage
AsusScreensaver
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Broadcom Wireless Network Adapter
CapsHook
CyberLink YouCam
CyberLink YouCam
DivX Setup
EeeSplendid
ETDWare PS/2-x86 7.0.5.13_WHQL
Free YouTube to MP3 Converter version 3.10.9.908
GraphicsSwitch
HijackThis 2.0.2
Hotkey Service
Intel(R) Graphics Media Accelerator Driver
LiveUpdate
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Norton Security Suite
NVIDIA Display Control Panel
NVIDIA Drivers
OOBERegBackup
PDFCreator
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
ScreenSaverPatch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SRS Premium Sound for Monitors
Super Hybrid Engine
Trend Micro Titanium
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
ViewSonic Windows 7 Signed Files
WIDCOMM Bluetooth Software

The MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.05.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Eph Fane :: EPHFANE [administrator]

3/4/2012 11:52:34 PM
mbam-log-2012-03-04 (23-52-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169731
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the last one: the ESET scan came up with nothing.
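The aswMBR output above lists the MBR partition table (boot flag, type code, size and sector offset of each entry). What a practitioner checks in that table is whether the entries are consistent: exactly one active partition, no overlaps, nothing past the end of the disk, no odd type codes, and where the unallocated sectors are, since MBR bootkits keep their code in those gaps. The Python below is an added example, not part of this thread and not aswMBR's own code; it parses the partition lines quoted above (embedded as a constructed sample) and reports those checks. The KNOWN_TYPES table is my own partial list of expected type codes, not something aswMBR provides.

```python
import re
from dataclasses import dataclass

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES  # 2048; aswMBR reports sizes in whole MB

# Constructed sample: the disk-size and partition lines from the aswMBR log quoted above.
ASWMBR_LOG = """\
23:47:55.681 Disk 0 Vendor: WDC_WD2500BEVT-80A23T0 01.01A01 Size: 238475MB BusType: 11
23:47:55.743 Disk 0 Windows 7 default MBR code
23:47:55.759 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
23:47:55.790 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
23:47:55.821 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528
23:47:55.852 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840
"""

# Partial list of MBR type codes (an assumption of what counts as "expected");
# anything not listed is reported for a human to look at, not silently accepted.
KNOWN_TYPES = {
    0x05: "extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 (LBA)",
    0x27: "hidden NTFS (Windows RE)", 0x82: "Linux swap", 0x83: "Linux", 0xEF: "EFI system",
}

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) .*? (?P<mb>\d+) MB offset (?P<start>\d+)$"
)


@dataclass
class Partition:
    number: int
    boot_byte: int      # 0x80 = active, 0x00 = inactive; anything else is malformed
    type_code: int
    start: int          # first sector (LBA)
    sectors: int        # length in sectors, derived from the MB figure aswMBR prints

    @property
    def active(self) -> bool:
        return self.boot_byte == 0x80

    @property
    def end(self) -> int:   # one past the last sector
        return self.start + self.sectors


def analyze_aswmbr(log_text: str) -> dict:
    """Parse aswMBR partition lines; report layout problems and unallocated gaps."""
    disk_mb, parts = None, []
    for line in log_text.splitlines():
        m = SIZE_RE.search(line)
        if m:
            disk_mb = int(m.group("mb"))
            continue
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(
                number=int(m.group("n")),
                boot_byte=int(m.group("boot"), 16),
                type_code=int(m.group("type"), 16),
                start=int(m.group("start")),
                sectors=int(m.group("mb")) * SECTORS_PER_MB,
            ))
    if disk_mb is None:
        raise ValueError("no 'Disk N Vendor: ... Size: NNNMB' line in log")
    disk_sectors = disk_mb * SECTORS_PER_MB

    problems, gaps = [], []
    if sum(p.active for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p.boot_byte not in (0x00, 0x80):
            problems.append(f"partition {p.number}: malformed boot byte 0x{p.boot_byte:02X}")
        if p.type_code not in KNOWN_TYPES:
            problems.append(f"partition {p.number}: unlisted type 0x{p.type_code:02X}")
        if p.end > disk_sectors:
            problems.append(f"partition {p.number}: extends past end of disk")

    # Walk the entries in disk order. Sector 0 holds the MBR itself, so unallocated
    # accounting starts at sector 1. Overlaps mean the table is inconsistent; gaps
    # are the regions where MBR bootkits typically stash their code.
    cursor = 1
    for p in sorted(parts, key=lambda p: p.start):
        if p.start < cursor:
            problems.append(f"partition {p.number}: overlaps the previous partition")
        elif p.start > cursor:
            gaps.append((cursor, p.start - cursor))
        cursor = max(cursor, p.end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))

    return {"disk_sectors": disk_sectors, "partitions": parts,
            "gaps": gaps, "problems": problems}


if __name__ == "__main__":
    report = analyze_aswmbr(ASWMBR_LOG)
    for p in report["partitions"]:
        print(f"partition {p.number}: {'active ' if p.active else ''}type 0x{p.type_code:02X} "
              f"({KNOWN_TYPES.get(p.type_code, '?')}) sectors {p.start}-{p.end - 1}")
    for start, length in report["gaps"]:
        print(f"unallocated: {length} sectors at LBA {start}")
    print("problems:", report["problems"] or "none")
```

On the log above the four entries butt up against each other exactly, end at the reported disk size, and carry one active NTFS partition, a hidden FAT32 (the vendor recovery image), a second NTFS data partition and a small EFI partition, so the table itself is consistent. The only unallocated region is the 2047 sectors between the MBR and the first partition, which is the normal 1 MiB alignment gap Windows 7 leaves. One caveat: aswMBR prints sizes rounded to whole megabytes, so any slack smaller than 1 MB at the end of the disk cannot be resolved from this log; a sector-accurate check needs the raw disk geometry rather than the tool's summary lines.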
  #15  
Old March 6th, 2012, 02:16 AM
ephie ephie is offline
Member
 
Join Date: Jun 2011
Posts: 51
Please let me know if there was anything new that came out of those scans and what I should do next... or if I should just do what you recommended on 2/20 with Safe Mode with Networking (does that mean I just surf online and watch video to see if there is any weirdness?) and then the ComboFix scan?

Thank you so much for your patience and your help!!!