Cyber Tech Help Support Forums > Software > Malware Removal Forum

  #1  
Old December 20th, 2011, 06:12 PM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
Tidserv Activity 2

My computer has "Tidserv Activity 2" popping up in the bottom right-hand corner of my computer. I saw there were a couple of topics about this already on the site, but I wanted to make sure I got the right help for my system. I have:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3

If someone wouldn't mind helping, please!
  #2  
Old December 20th, 2011, 09:31 PM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Let's take a look at what is going on...

Please do the following:


Download DDS from one of these locations:
Link 1
Link 2

Save it to your Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run.

If you wish to look at information on how to disable these programs, please refer to the information available through this link

XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click DDS and select: Run as Administrator

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Is minimized - shows on the TaskBar)

Save the reports to your Desktop, and post both reports in your reply.
Also download aswMBR:
http://public.avast.com/~gmerek/aswMBR.exe

Save it to the Desktop.

XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click the file and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.
Note - Please do NOT attempt to fix anything!!

Also post the aswMBR log in your reply.


Also, you will notice that another file is created on the Desktop.
It is named MBR.dat.

Keep the file on the Desktop, and do not remove.

This is important, just in case we need to access the MBR information!!


However, do submit 'MBR.dat' for analysis to VirusTotal

Use the 'Browse' button to navigate to the location of the file.
Click on the file. Then, click the 'Open' button.
The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results.
If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'.

Once scanned, please provide the link to the results page in your reply.

Thanks.
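The MBR.dat that aswMBR writes is a raw dump of the first disk sector, and VirusTotal identifies a submitted file by its hash. The following added example (not part of the original thread, and not aswMBR's, DDS's or VirusTotal's own code) parses such a 512-byte sector, hashes the whole sector and the boot-code region separately, and runs a few structural sanity checks on the partition table; the sample sector it builds is constructed for the example.

```python
"""Parse and fingerprint a 512-byte MBR image (e.g. the MBR.dat that aswMBR saves
to the Desktop) before submitting it for analysis.  Added example for this thread;
not aswMBR's own code.  Assumes MBR.dat is a raw sector dump with no header."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code, the region bootkits overwrite
DISK_SIG_OFF = 440         # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries, bytes 446..509
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def parse_partition(entry: bytes) -> dict:
    """Decode one 16-byte partition-table entry (CHS fields are ignored)."""
    status, _c1, _c2, _c3, ptype, _c4, _c5, _c6, lba_start, sectors = struct.unpack(
        "<BBBBBBBBII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(data: bytes) -> dict:
    """Return hashes, disk signature and the non-empty partition entries of an MBR."""
    if len(data) < SECTOR:
        raise ValueError("MBR image must be at least %d bytes" % SECTOR)
    sector = data[:SECTOR]
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = [sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
               for i in range(4)]
    parts = [parse_partition(e) for e in entries]
    return {
        # Hash of the whole sector: this is the value a VirusTotal report is keyed on.
        "sha256": hashlib.sha256(sector).hexdigest(),
        # Hash of the boot code alone, so the same loader can be recognised on
        # disks whose partition tables differ.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": [p for p in parts if p["type"] != 0],
    }


def triage(info: dict) -> list:
    """Structural sanity checks on a parsed MBR; returns a list of findings."""
    findings = []
    parts = info["partitions"]
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, found %d" % len(bootable))
    if any(p["lba_start"] == 0 or p["sectors"] == 0 for p in parts):
        findings.append("partition entry with zero start or zero length")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    if any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1)):
        findings.append("overlapping partition entries")
    return findings


def build_sample_mbr(extra_bootable: bool = False) -> bytes:
    """Constructed sample sector: a bootable NTFS partition at LBA 63 followed by a
    small hidden-NTFS (type 0x17) partition.  With extra_bootable=True the second
    entry is also marked active, which is a malformed table."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    first = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF,
                        63, 234_441_585)
    second = struct.pack("<BBBBBBBBII", 0x80 if extra_bootable else 0x00,
                         0xFE, 0xFF, 0xFF, 0x17, 0xFE, 0xFF, 0xFF, 234_441_648, 2048)
    table = first + second + b"\x00" * 32
    return boot_code + disk_sig + table + BOOT_SIG


def describe(path: str) -> dict:
    """Parse an MBR dump from disk and attach triage findings."""
    with open(path, "rb") as fh:
        info = parse_mbr(fh.read())
    info["findings"] = triage(info)
    return info


if __name__ == "__main__":
    import sys
    result = describe(sys.argv[1]) if len(sys.argv) > 1 else parse_mbr(build_sample_mbr())
    result.setdefault("findings", triage(result))
    for key, value in result.items():
        print("%-18s %s" % (key, value))
```

Run it with the path to MBR.dat as the only argument; with no argument it parses the constructed sample instead.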
  #3  
Old December 21st, 2011, 01:05 AM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by Corey Padgitt at 17:25:01 on 2011-12-20
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1022.95 [GMT -6:00]
.
AV: Norton 360 Premier Edition *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.myheritage.com
uSearch Page = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uSearch Bar = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mDefault_Search_URL = hxxp://www.Google.com/
mSearch Page = hxxp://www.Google.com/
mStart Page = hxxp://search.myheritage.com
mSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.Google.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [auditpol] c:\documents and settings\corey padgitt\application data\auditpol.exe
uRun: [Microsoft?Windows Manager] c:\documents and settings\corey padgitt\m-1-25-5432-6437-5685\winmgr.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [auditpol] c:\documents and settings\corey padgitt\application data\auditpol.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www.addonchat.com/404.html
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{51B9C071-5E57-4461-B83A-25157A002C79} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {d54f12f7-4d76-4c39-a096-e51ef5d33f2b}: displume
Hosts: 94.63.240.153 www.google.com
Hosts: 94.63.240.154 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\corey padgitt\application data\mozilla\firefox\profiles\7a5rw2tj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011&query=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Celebrity Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - %profile%\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
FF - Ext: XUL Cache: {6f7caff4-de2f-4c0f-af6f-87777e874932} - %profile%\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn_2011_7_4_3
FF - Ext: Veoh Browser Plug-in: videofinder@veoh.com - c:\program files\veoh networks\veoh\plugins\noreg\videofinder4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\corey padgitt\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-4 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-4 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111210.003\BHDrvx86.sys [2011-12-10 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-4 136312]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-11 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-11 234888]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccSvcHst.exe [2011-6-4 130008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-16 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111219.001\IDSXpx86.sys [2011-12-19 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111220.002\NAVENG.SYS [2011-12-20 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111220.002\NAVEX15.SYS [2011-12-20 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-12-16 15:52:00 79872 ----a-w- c:\windows\system32\Pvdna.com_
2011-12-16 05:49:46 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-12-16 05:49:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-15 04:56:02 -------- d-sh--r- c:\documents and settings\corey padgitt\M-1-25-5432-6437-5685
2011-12-15 00:57:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-15 00:57:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-14 22:25:00 -------- d-----w- c:\documents and settings\corey padgitt\application data\Malwarebytes
2011-12-14 22:24:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-04 22:47:37 -------- d-sh--r- c:\documents and settings\corey padgitt\2397-5973-7874-8623
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 09:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 17:26:41.12 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2008 5:07:36 PM
System Uptime: 12/20/2011 5:00:34 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 777/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 61.663 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&8F2C18F&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&8F2C18F&0&0102
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Service: b57w2k
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01F91028&REV_02\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01F91028&REV_02\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
AIM 6
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Celebrity Toolbar
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Wireless WLAN Card
DimSum 0.7.9
DivX Converter
DivX Setup
DJ_AIO_06_F2400_SW_Min
Download Updater (AOL LLC)
Facebook Plug-In
ffdshow [rev 2033] [2008-07-05]
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 30
LastChaos
LimeWire 5.5.14
Logitech Harmony Remote Software 7
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mojo
Move Media Player
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PowerDVD
Project64 1.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Remote Control USB Driver
Rhapsody Player Engine
Rosetta Stone Version 3
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
Symantec Technical Support Web Controls
Toolbox
ULRPG
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VeohTV BETA
Viewpoint Media Player
Vuze
Vuze Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Video Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 8:52:02 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/19/2011 7:52:01 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/19/2011 6:52:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/19/2011 5:52:02 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/19/2011 5:52:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
12/19/2011 4:52:01 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/19/2011 4:52:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/19/2011 3:52:04 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
12/19/2011 3:52:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/19/2011 2:52:01 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/19/2011 2:52:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
12/19/2011 12:52:06 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/19/2011 12:52:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
12/19/2011 11:52:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/19/2011 1:52:02 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/18/2011 9:52:02 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/18/2011 8:52:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
12/18/2011 7:52:03 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
12/18/2011 6:52:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
12/18/2011 11:52:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
12/18/2011 10:52:01 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
12/18/2011 1:52:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
12/17/2011 10:52:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/16/2011 9:52:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/16/2011 12:09:34 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/15/2011 11:55:59 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805e1cc7, parameter3 f7a97c74, parameter4 00000000.
12/15/2011 1:58:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
12/13/2011 8:31:39 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
12/13/2011 7:51:06 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001C26054B33 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 17:32:35
-----------------------------
17:32:35.218 OS Version: Windows 5.1.2600 Service Pack 3
17:32:35.218 Number of processors: 2 586 0xF0A
17:32:35.218 ComputerName: MIZZOU-09C0BCA8 UserName: Corey Padgitt
17:32:36.843 Initialize success
17:40:59.531 AVAST engine defs: 11122001
17:41:21.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:41:21.781 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
17:41:23.843 Disk 0 MBR read successfully
17:41:23.843 Disk 0 MBR scan
17:41:23.937 Disk 0 Windows XP default MBR code
17:41:23.937 Disk 0 scanning sectors +234436545
17:41:24.031 Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:30.718 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Alureon-AOT [Rtk]
17:41:40.500 Service scanning
17:41:42.171 Modules scanning
17:41:48.718 Module: C:\WINDOWS\system32\DRIVERS\ipsec.sys **SUSPICIOUS**
17:41:54.546 Disk 0 trace - called modules:
17:41:54.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8686ff10]<<
17:41:54.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f66030]
17:41:54.640 3 CLASSPNP.SYS[f7624fd7] -> nt!IofCallDriver -> [0x86c06030]
17:41:54.640 \Driver\00002210[0x86bc6b10] -> IRP_MJ_CREATE -> 0x8686ff10
17:41:56.093 AVAST engine scan C:\WINDOWS
17:42:14.484 AVAST engine scan C:\WINDOWS\system32
17:43:40.281 File: C:\WINDOWS\system32\Pvdna.com_ **INFECTED** Win32:Dropper-gen [Drp]
17:44:34.000 AVAST engine scan C:\WINDOWS\system32\drivers
17:44:40.359 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Alureon-AOT [Rtk]
17:44:51.234 AVAST engine scan C:\Documents and Settings\Corey Padgitt
17:49:08.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\MBR.dat"
17:49:08.250 The log file has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\aswMBR.txt"


http://www.virustotal.com/file-scan/...460-1324425216
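The Event Viewer section of the DDS log above repeats one scheduler error for a long run of At*.job tasks, every one with the status %%2147942402. As an added example (not part of the original post, and not a DDS or forum tool), the script below reads lines in that DDS format, decodes the %%<number> status as an HRESULT, counts failures per job and shows at which minute of the hour the jobs fired. The sample lines are constructed to match the DDS format shown above; the small Win32 error-name table is an assumption covering only three codes.

```python
"""Triage the 'Schedule [7901] ... command failed to start' lines from the
Event Viewer section of a DDS log. Added example, not from the original post
or from DDS; the sample lines are constructed in DDS's own line format."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the DDS format: "<date time>, <level>: <source> [<id>] - <message>"
SAMPLE_EVENTS = """\
12/19/2011 8:52:02 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/19/2011 7:52:01 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/18/2011 9:52:02 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/16/2011 12:09:34 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/13/2011 7:51:06 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001C26054B33 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
JOB_RE = re.compile(
    r"^The (?P<job>\S+\.job) command failed to start due to the following error: %%(?P<code>\d+)$")

# Assumed subset: only the Win32 codes a scheduler 'failed to start' is likely to carry.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}
FACILITY_WIN32 = 7


def decode_status(code):
    """DDS prints the event's raw insertion string, '%%<decimal>'. Read as an
    HRESULT: bit 31 = failure, bits 16-26 = facility, low 16 bits = code.
    Facility 7 (FACILITY_WIN32) means the low 16 bits are a plain Win32 error."""
    hresult = int(code) & 0xFFFFFFFF
    facility = (hresult >> 16) & 0x7FF
    code16 = hresult & 0xFFFF
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(code16, "unknown Win32 error")
    else:
        name = "non-Win32 facility"
    return f"0x{hresult:08X}", facility, code16, name


def parse_events(text):
    """Return one dict per line that parses as a DDS event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # section headers, '.' spacer lines, blanks
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events


def failed_jobs(text):
    """{job name: (failure count, HRESULT hex, Win32 error name)} for Schedule 7901 events."""
    out = {}
    for ev in parse_events(text):
        if ev["source"] != "Schedule" or ev["id"] != 7901:
            continue
        jm = JOB_RE.match(ev["msg"])
        if not jm:
            continue
        hres, _, _, name = decode_status(jm["code"])
        count = out[jm["job"]][0] + 1 if jm["job"] in out else 1
        out[jm["job"]] = (count, hres, name)
    return out


def minutes_of_hour(text):
    """Counter of the minute at which each Schedule 7901 event fired. A single
    value means every job fires at the same fixed minute, i.e. a repeating
    hourly schedule rather than unrelated one-off jobs."""
    return Counter(ev["ts"].minute for ev in parse_events(text)
                   if ev["source"] == "Schedule" and ev["id"] == 7901)


if __name__ == "__main__":
    for job, (n, hres, name) in sorted(failed_jobs(SAMPLE_EVENTS).items()):
        print(f"{job:<10} x{n}  {hres}  {name}")
    print("fired at minute(s):", dict(minutes_of_hour(SAMPLE_EVENTS)))
```

The status decodes to 0x80070002, which is HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND): the Task Scheduler could not find the command each At*.job points at. Combined with the fixed minute, that tells you the jobs are a recurring hourly schedule whose target executable is no longer where the job expects it, which is worth checking in C:\WINDOWS\Tasks before deciding what created them.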
  #4  
Old December 21st, 2011, 03:30 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Let’s run TDSSKiller… it is a specialized tool for this type of infection.

Please download its latest version:

Execute the downloaded file:
XP: Double-click tdsskiller.exe to run the program.

In the TDSSKiller Scan prompt, click on: Change parameters
Check the box beside: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.


A Reboot Required prompt may appear after a disinfection. Please reboot.


By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_20.12.2011_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

I also need to know whether TDSSKiller needed a reboot.

Thanks.
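The log that the steps above produce is line-oriented, with one object per service name and extra lines for anything TDSSKiller is unhappy about. As an added example (not part of the original post and not TDSSKiller's own code), the script below reads a log in that format and separates the objects the tool called Malicious (a "- detected" or "- infected" line) from those it only called Suspicious, keeping both hashes for "Forged" files. The sample log is constructed here in the line format TDSSKiller 2.x writes; the service names and hashes in it are illustrative.

```python
"""Triage a TDSSKiller log: separate the objects it called Malicious (detected /
infected) from those it only called Suspicious, and for 'Forged' files keep the
two hashes it compared. Added example, not part of the original post and not
TDSSKiller code; the sample log is constructed here in the line format
TDSSKiller 2.x writes, "HH:MM:SS.mmmm <thread id> <message>"."""
import re
from dataclasses import dataclass

# Constructed sample: three drivers with files, one service without a file,
# and one driver flagged the way a replaced system driver shows up.
SAMPLE_LOG = r"""
21:07:22.0875 2196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:07:22.0875 2196 ACPI - ok
21:07:27.0359 2196 IPSec (ba03c2a9ff77a94842346978fe2bfe74) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:07:27.0359 2196 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: ba03c2a9ff77a94842346978fe2bfe74, Fake md5: b29e222fd8798b61824bbcf15dbfa091
21:07:27.0359 2196 IPSec ( Rootkit.Win32.ZAccess.aml ) - infected
21:07:27.0359 2196 IPSec - detected Rootkit.Win32.ZAccess.aml (0)
21:07:27.0421 2196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:07:27.0421 2196 IRENUM - ok
21:07:27.0640 2196 MBAMSwissArmy - ok
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<svc>\S+) - ok$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<svc>\S+) \( (?P<verdict>\S+) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+)")


@dataclass
class Finding:
    service: str
    path: str = ""
    kind: str = "suspicious"   # "suspicious" until a detection line names the malware
    verdict: str = ""          # detection name from the "- detected" / "- infected" line
    md5_real: str = ""         # the hash TDSSKiller labels 'Real' (what it read itself)
    md5_fake: str = ""         # the hash it labels 'Fake' (what a normal file read returned)


def parse_tdsskiller(text):
    """Return {service: Finding} for every object TDSSKiller did not simply mark '- ok'."""
    path_to_svc = {}
    findings = {}

    def get(svc, path=""):
        return findings.setdefault(svc, Finding(service=svc, path=path))

    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines, SystemInfo block, blanks
        msg = m["msg"]
        if fm := FILE_RE.match(msg):
            # Remember which service owns which file so a Forged line can be tied back.
            path_to_svc[fm["path"].lower()] = fm["svc"]
        elif fm := FORGED_RE.match(msg):
            svc = path_to_svc.get(fm["path"].lower(), fm["path"])
            f = get(svc, fm["path"])
            f.md5_real, f.md5_fake = fm["real"], fm["fake"]
        elif fm := INFECTED_RE.match(msg) or DETECTED_RE.match(msg):
            f = get(fm["svc"])
            f.kind, f.verdict = "malicious", fm["verdict"]
    return findings


def summarize(text):
    """Counts a helper wants at a glance: clean objects, Malicious, Suspicious-only, Forged."""
    findings = parse_tdsskiller(text)
    ok = sum(1 for line in text.splitlines()
             if (m := LINE_RE.match(line)) and OK_RE.match(m["msg"]))
    return {
        "ok": ok,
        "malicious": sum(f.kind == "malicious" for f in findings.values()),
        "suspicious": sum(f.kind == "suspicious" for f in findings.values()),
        "forged": sum(bool(f.md5_fake) for f in findings.values()),
    }


if __name__ == "__main__":
    for svc, f in parse_tdsskiller(SAMPLE_LOG).items():
        print(f"{svc}: {f.kind} {f.verdict} {f.path}")
        if f.md5_fake:
            print(f"   on-disk md5 {f.md5_real} != presented md5 {f.md5_fake}")
    print(summarize(SAMPLE_LOG))
```

A "Forged" line is the interesting one even before a name is attached: the two hashes differ only when something between the file system and the scanner is intercepting reads and handing back different bytes from what is actually on disk, which is exactly the behaviour this tool exists to detect.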
  #5  
Old December 21st, 2011, 04:18 AM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
I had to reboot.

21:06:55.0609 2852 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:06:56.0296 2852 ============================================================
21:06:56.0296 2852 Current date / time: 2011/12/20 21:06:56.0296
21:06:56.0296 2852 SystemInfo:
21:06:56.0296 2852
21:06:56.0296 2852 OS Version: 5.1.2600 ServicePack: 3.0
21:06:56.0296 2852 Product type: Workstation
21:06:56.0296 2852 ComputerName: MIZZOU-09C0BCA8
21:06:56.0296 2852 UserName: Corey Padgitt
21:06:56.0296 2852 Windows directory: C:\WINDOWS
21:06:56.0296 2852 System windows directory: C:\WINDOWS
21:06:56.0296 2852 Processor architecture: Intel x86
21:06:56.0296 2852 Number of processors: 2
21:06:56.0296 2852 Page size: 0x1000
21:06:56.0296 2852 Boot type: Normal boot
21:06:56.0296 2852 ============================================================
21:06:59.0875 2852 Initialize success
21:07:20.0718 2196 ============================================================
21:07:20.0718 2196 Scan started
21:07:20.0718 2196 Mode: Manual; TDLFS;
21:07:20.0718 2196 ============================================================
21:07:22.0687 2196 Abiosdsk - ok
21:07:22.0765 2196 abp480n5 - ok
21:07:22.0875 2196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:07:22.0875 2196 ACPI - ok
21:07:22.0937 2196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:07:22.0937 2196 ACPIEC - ok
21:07:22.0953 2196 adpu160m - ok
21:07:23.0031 2196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:07:23.0031 2196 aec - ok
21:07:23.0093 2196 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:07:23.0093 2196 AFD - ok
21:07:23.0218 2196 Aha154x - ok
21:07:23.0234 2196 aic78u2 - ok
21:07:23.0265 2196 aic78xx - ok
21:07:23.0281 2196 AliIde - ok
21:07:23.0296 2196 amsint - ok
21:07:23.0359 2196 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:07:23.0359 2196 Arp1394 - ok
21:07:23.0375 2196 asc - ok
21:07:23.0390 2196 asc3350p - ok
21:07:23.0406 2196 asc3550 - ok
21:07:23.0468 2196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:07:23.0484 2196 AsyncMac - ok
21:07:23.0515 2196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:07:23.0515 2196 atapi - ok
21:07:23.0531 2196 Atdisk - ok
21:07:23.0562 2196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:07:23.0562 2196 Atmarpc - ok
21:07:23.0625 2196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:07:23.0625 2196 audstub - ok
21:07:23.0687 2196 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:07:23.0687 2196 b57w2k - ok
21:07:23.0859 2196 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:07:23.0875 2196 BCM43XX - ok
21:07:23.0906 2196 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
21:07:23.0906 2196 BCMWLNPF - ok
21:07:23.0968 2196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:07:23.0968 2196 Beep - ok
21:07:24.0203 2196 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
21:07:24.0218 2196 BHDrvx86 - ok
21:07:24.0390 2196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:07:24.0390 2196 cbidf2k - ok
21:07:24.0390 2196 cd20xrnt - ok
21:07:24.0453 2196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:07:24.0453 2196 Cdaudio - ok
21:07:24.0515 2196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:07:24.0515 2196 Cdfs - ok
21:07:24.0578 2196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:07:24.0578 2196 Cdrom - ok
21:07:24.0625 2196 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
21:07:24.0640 2196 cercsr6 - ok
21:07:24.0640 2196 Changer - ok
21:07:24.0687 2196 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:07:24.0687 2196 CmBatt - ok
21:07:24.0734 2196 CmdIde - ok
21:07:24.0828 2196 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:07:24.0828 2196 Compbatt - ok
21:07:24.0843 2196 Cpqarray - ok
21:07:24.0859 2196 dac2w2k - ok
21:07:24.0875 2196 dac960nt - ok
21:07:24.0906 2196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:07:24.0906 2196 Disk - ok
21:07:24.0968 2196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:07:24.0984 2196 dmboot - ok
21:07:25.0046 2196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:07:25.0046 2196 dmio - ok
21:07:25.0093 2196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:07:25.0093 2196 dmload - ok
21:07:25.0203 2196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:07:25.0203 2196 DMusic - ok
21:07:25.0218 2196 dpti2o - ok
21:07:25.0234 2196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:07:25.0234 2196 drmkaud - ok
21:07:25.0406 2196 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:07:25.0421 2196 eeCtrl - ok
21:07:25.0453 2196 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:07:25.0453 2196 EraserUtilRebootDrv - ok
21:07:25.0656 2196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:07:25.0671 2196 Fastfat - ok
21:07:25.0750 2196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:07:25.0750 2196 Fdc - ok
21:07:25.0765 2196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:07:25.0765 2196 Fips - ok
21:07:25.0796 2196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:07:25.0796 2196 Flpydisk - ok
21:07:25.0843 2196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:07:25.0843 2196 FltMgr - ok
21:07:25.0921 2196 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:07:25.0921 2196 FsVga - ok
21:07:26.0000 2196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:07:26.0000 2196 Fs_Rec - ok
21:07:26.0046 2196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:07:26.0046 2196 Ftdisk - ok
21:07:26.0062 2196 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:07:26.0062 2196 GEARAspiWDM - ok
21:07:26.0109 2196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:07:26.0109 2196 Gpc - ok
21:07:26.0203 2196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:07:26.0203 2196 HDAudBus - ok
21:07:26.0250 2196 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:07:26.0250 2196 HidUsb - ok
21:07:26.0265 2196 hpn - ok
21:07:26.0312 2196 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:07:26.0312 2196 HPZid412 - ok
21:07:26.0375 2196 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:07:26.0375 2196 HPZipr12 - ok
21:07:26.0421 2196 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:07:26.0421 2196 HPZius12 - ok
21:07:26.0484 2196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:07:26.0484 2196 HTTP - ok
21:07:26.0546 2196 i2omgmt - ok
21:07:26.0562 2196 i2omp - ok
21:07:26.0609 2196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:07:26.0609 2196 i8042prt - ok
21:07:26.0828 2196 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111219.001\IDSxpx86.sys
21:07:26.0828 2196 IDSxpx86 - ok
21:07:26.0937 2196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:07:26.0937 2196 Imapi - ok
21:07:26.0984 2196 ini910u - ok
21:07:27.0031 2196 IntelIde - ok
21:07:27.0093 2196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:07:27.0093 2196 intelppm - ok
21:07:27.0125 2196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:07:27.0125 2196 Ip6Fw - ok
21:07:27.0187 2196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:07:27.0187 2196 IpFilterDriver - ok
21:07:27.0203 2196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:07:27.0203 2196 IpInIp - ok
21:07:27.0265 2196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:07:27.0265 2196 IpNat - ok
21:07:27.0359 2196 IPSec (ba03c2a9ff77a94842346978fe2bfe74) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:07:27.0359 2196 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: ba03c2a9ff77a94842346978fe2bfe74, Fake md5: b29e222fd8798b61824bbcf15dbfa091
21:07:27.0359 2196 IPSec ( Rootkit.Win32.ZAccess.aml ) - infected
21:07:27.0359 2196 IPSec - detected Rootkit.Win32.ZAccess.aml (0)
21:07:27.0421 2196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:07:27.0421 2196 IRENUM - ok
21:07:27.0468 2196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:07:27.0468 2196 isapnp - ok
21:07:27.0515 2196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:07:27.0515 2196 Kbdclass - ok
21:07:27.0562 2196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:07:27.0562 2196 kmixer - ok
21:07:27.0609 2196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:07:27.0609 2196 KSecDD - ok
21:07:27.0625 2196 lbrtfdc - ok
21:07:27.0640 2196 MBAMSwissArmy - ok
21:07:27.0671 2196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:07:27.0687 2196 mnmdd - ok
21:07:27.0718 2196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:07:27.0718 2196 Modem - ok
21:07:27.0781 2196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:07:27.0781 2196 Mouclass - ok
21:07:27.0796 2196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:07:27.0796 2196 MountMgr - ok
21:07:27.0812 2196 mraid35x - ok
21:07:27.0859 2196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:07:27.0875 2196 MRxDAV - ok
21:07:27.0984 2196 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:07:27.0984 2196 MRxSmb - ok
21:07:28.0015 2196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:07:28.0015 2196 Msfs - ok
21:07:28.0078 2196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:07:28.0078 2196 MSKSSRV - ok
21:07:28.0109 2196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:07:28.0109 2196 MSPCLOCK - ok
21:07:28.0140 2196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:07:28.0140 2196 MSPQM - ok
21:07:28.0234 2196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:07:28.0234 2196 mssmbios - ok
21:07:28.0296 2196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:07:28.0296 2196 Mup - ok
21:07:28.0484 2196 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111220.002\NAVENG.SYS
21:07:28.0484 2196 NAVENG - ok
21:07:28.0625 2196 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111220.002\NAVEX15.SYS
21:07:28.0656 2196 NAVEX15 - ok
21:07:28.0812 2196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:07:28.0812 2196 NDIS - ok
21:07:28.0859 2196 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:07:28.0859 2196 NdisTapi - ok
21:07:28.0890 2196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:07:28.0890 2196 Ndisuio - ok
21:07:28.0906 2196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:07:28.0906 2196 NdisWan - ok
21:07:28.0968 2196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:07:28.0968 2196 NDProxy - ok
21:07:29.0015 2196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:07:29.0015 2196 NetBIOS - ok
21:07:29.0062 2196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:07:29.0062 2196 NetBT - ok
21:07:29.0109 2196 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:07:29.0109 2196 NIC1394 - ok
21:07:29.0281 2196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:07:29.0281 2196 Npfs - ok
21:07:29.0343 2196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:07:29.0343 2196 Ntfs - ok
21:07:29.0406 2196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:07:29.0406 2196 Null - ok
21:07:29.0781 2196 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:07:30.0125 2196 nv - ok
21:07:30.0250 2196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:07:30.0250 2196 NwlnkFlt - ok
21:07:30.0296 2196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:07:30.0296 2196 NwlnkFwd - ok
21:07:30.0343 2196 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:07:30.0343 2196 ohci1394 - ok
21:07:30.0390 2196 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:07:30.0421 2196 Parport - ok
21:07:30.0437 2196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:07:30.0437 2196 PartMgr - ok
21:07:30.0468 2196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:07:30.0468 2196 ParVdm - ok
21:07:30.0484 2196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:07:30.0484 2196 PCI - ok
21:07:30.0500 2196 PCIDump - ok
21:07:30.0531 2196 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:07:30.0531 2196 PCIIde - ok
21:07:30.0578 2196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:07:30.0578 2196 Pcmcia - ok
21:07:30.0718 2196 PDCOMP - ok
21:07:30.0734 2196 PDFRAME - ok
21:07:30.0750 2196 PDRELI - ok
21:07:30.0765 2196 PDRFRAME - ok
21:07:30.0765 2196 perc2 - ok
21:07:30.0781 2196 perc2hib - ok
21:07:30.0859 2196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:07:30.0859 2196 PptpMiniport - ok
21:07:30.0890 2196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:07:30.0890 2196 PSched - ok
21:07:30.0906 2196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:07:30.0906 2196 Ptilink - ok
21:07:30.0937 2196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:07:30.0937 2196 PxHelp20 - ok
21:07:30.0953 2196 ql1080 - ok
21:07:30.0968 2196 Ql10wnt - ok
21:07:30.0984 2196 ql12160 - ok
21:07:31.0000 2196 ql1240 - ok
21:07:31.0015 2196 ql1280 - ok
21:07:31.0031 2196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:07:31.0031 2196 RasAcd - ok
21:07:31.0062 2196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:07:31.0062 2196 Rasl2tp - ok
21:07:31.0093 2196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:07:31.0093 2196 RasPppoe - ok
21:07:31.0125 2196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:07:31.0125 2196 Raspti - ok
21:07:31.0296 2196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:07:31.0312 2196 Rdbss - ok
21:07:31.0312 2196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:07:31.0312 2196 RDPCDD - ok
21:07:31.0375 2196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:07:31.0375 2196 rdpdr - ok
21:07:31.0437 2196 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:07:31.0453 2196 RDPWD - ok
21:07:31.0468 2196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:07:31.0468 2196 redbook - ok
21:07:31.0546 2196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:07:31.0546 2196 Secdrv - ok
21:07:31.0593 2196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:07:31.0593 2196 serenum - ok
21:07:31.0625 2196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:07:31.0625 2196 Serial - ok
21:07:31.0781 2196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:07:31.0781 2196 Sfloppy - ok
21:07:31.0796 2196 Simbad - ok
21:07:31.0812 2196 Sparrow - ok
21:07:31.0843 2196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:07:31.0843 2196 splitter - ok
21:07:31.0906 2196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:07:31.0906 2196 sr - ok
21:07:32.0000 2196 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
21:07:32.0015 2196 SRTSP - ok
21:07:32.0046 2196 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
21:07:32.0046 2196 SRTSPX - ok
21:07:32.0218 2196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:07:32.0218 2196 Srv - ok
21:07:32.0343 2196 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
21:07:32.0375 2196 STHDA - ok
21:07:32.0421 2196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:07:32.0421 2196 swenum - ok
21:07:32.0562 2196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:07:32.0562 2196 swmidi - ok
21:07:32.0593 2196 symc810 - ok
21:07:32.0593 2196 symc8xx - ok
21:07:32.0687 2196 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
21:07:32.0703 2196 SymDS - ok
21:07:32.0796 2196 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
21:07:32.0812 2196 SymEFA - ok
21:07:32.0968 2196 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:07:32.0968 2196 SymEvent - ok
21:07:33.0000 2196 SYMFW - ok
21:07:33.0015 2196 SYMIDS - ok
21:07:33.0078 2196 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
21:07:33.0093 2196 SymIRON - ok
21:07:33.0109 2196 SYMNDIS - ok
21:07:33.0140 2196 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
21:07:33.0140 2196 SYMTDI - ok
21:07:33.0156 2196 sym_hi - ok
21:07:33.0171 2196 sym_u3 - ok
21:07:33.0234 2196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:07:33.0234 2196 sysaudio - ok
21:07:33.0406 2196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:07:33.0421 2196 Tcpip - ok
21:07:33.0453 2196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:07:33.0453 2196 TDPIPE - ok
21:07:33.0468 2196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:07:33.0468 2196 TDTCP - ok
21:07:33.0515 2196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:07:33.0515 2196 TermDD - ok
21:07:33.0531 2196 TosIde - ok
21:07:33.0562 2196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:07:33.0578 2196 Udfs - ok
21:07:33.0593 2196 ultra - ok
21:07:33.0671 2196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:07:33.0687 2196 Update - ok
21:07:33.0734 2196 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:07:33.0734 2196 USBAAPL - ok
21:07:33.0906 2196 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:07:33.0906 2196 usbaudio - ok
21:07:33.0953 2196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:07:33.0953 2196 usbccgp - ok
21:07:34.0015 2196 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
21:07:34.0015 2196 USBCCID - ok
21:07:34.0078 2196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:07:34.0078 2196 usbehci - ok
21:07:34.0140 2196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:07:34.0140 2196 usbhub - ok
21:07:34.0218 2196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:07:34.0218 2196 usbprint - ok
21:07:34.0343 2196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:07:34.0343 2196 usbscan - ok
21:07:34.0437 2196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:07:34.0437 2196 USBSTOR - ok
21:07:34.0484 2196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:07:34.0484 2196 usbuhci - ok
21:07:35.0031 2196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:07:35.0031 2196 VgaSave - ok
21:07:35.0046 2196 ViaIde - ok
21:07:35.0109 2196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:07:35.0109 2196 VolSnap - ok
21:07:35.0203 2196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:07:35.0203 2196 Wanarp - ok
21:07:35.0218 2196 WDICA - ok
21:07:35.0250 2196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:07:35.0250 2196 wdmaud - ok
21:07:35.0390 2196 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:07:35.0390 2196 WmiAcpi - ok
21:07:35.0453 2196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:07:35.0468 2196 WudfPf - ok
21:07:35.0500 2196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:07:35.0718 2196 \Device\Harddisk0\DR0 - ok
21:07:35.0718 2196 Boot (0x1200) (cce4d2568d4b7fbb762f24a79b296483) \Device\Harddisk0\DR0\Partition0
21:07:35.0718 2196 \Device\Harddisk0\DR0\Partition0 - ok
21:07:35.0718 2196 ============================================================
21:07:35.0718 2196 Scan finished
21:07:35.0718 2196 ============================================================
21:07:35.0750 1780 Detected object count: 1
21:07:35.0750 1780 Actual detected object count: 1
21:08:11.0281 1780 Backup copy found, using it..
21:08:11.0609 1780 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
21:08:16.0234 1780 IPSec ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
21:08:52.0453 3888 Deinitialize success
Reply With Quote
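The TDSSKiller log above reports the boot sector as "MBR (0x1B8) (<md5>)", that is, an MD5 over the first 0x1B8 bytes of sector 0: the boot code that sits before the 4-byte disk signature and the partition table. The script below is an added example, not part of this thread and not code from TDSSKiller or aswMBR. It takes a raw 512-byte MBR image such as the MBR.dat that aswMBR saves to the Desktop, validates the 0x55AA boot signature, lists the partition entries, and computes the same 0x1B8-byte hash so the saved copy can be compared with the value the scanner logged. The sample MBR it builds is constructed for the demo (two partitions, placeholder bootstrap bytes, disk signature 0x1234ABCD); those values are assumptions, not data from the machine in this thread.

```python
"""Verify a raw MBR image the way TDSSKiller's "MBR (0x1B8)" line does.

Added example; not part of the forum thread and not code from TDSSKiller,
aswMBR or any other tool mentioned there.  Reads a 512-byte MBR image
(e.g. the MBR.dat that aswMBR writes), checks the 0x55AA boot signature,
parses the four partition-table entries and MD5s the first 0x1B8 bytes,
the boot code that precedes the disk signature.  The sample MBR built by
build_sample_mbr() is constructed for the demo and carries no real code.
"""
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 0x1B8      # boot code: bytes 0x000-0x1B7 (what "MBR (0x1B8)" hashes)
DISK_SIG_OFF = 0x1B8  # 4-byte Windows disk signature
PTABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE  # 0x55AA marker


def parse_partitions(mbr):
    """Return the four partition entries as dicts (empty entries included)."""
    entries = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sector-count(4)
        status, ptype, start_lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": start_lba, "sectors": sectors})
    return entries


def check_mbr(mbr):
    """Summarise an MBR image; raises ValueError if it is not one sector long."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    used = [p for p in parse_partitions(mbr) if p["type"] != 0]
    return {
        "signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": used,
        "bootable_count": sum(1 for p in used if p["bootable"]),
    }


def matches_logged_hash(mbr, logged_md5):
    """Compare the boot-code hash with the value a scanner logged for the disk."""
    return check_mbr(mbr)["code_md5"] == logged_md5.strip().lower()


def build_sample_mbr():
    """Constructed MBR for the demo: a utility partition plus an active NTFS one."""
    mbr = bytearray(SECTOR)
    mbr[0:6] = b"\x33\xc0\x8e\xd0\xbc\x00"          # placeholder bootstrap bytes (assumed)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)   # assumed disk signature
    struct.pack_into("<B3xB3xII", mbr, PTABLE_OFF, 0x00, 0xDE, 63, 80262)
    struct.pack_into("<B3xB3xII", mbr, PTABLE_OFF + 16, 0x80, 0x07, 80325, 234356220)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def main(argv):
    path = argv[1] if len(argv) > 1 else None
    mbr = open(path, "rb").read() if path else build_sample_mbr()
    report = check_mbr(mbr)
    print("boot signature ok: %s" % report["signature_ok"])
    print("MBR (0x1B8) md5:   %s" % report["code_md5"])
    print("disk signature:    0x%08X" % report["disk_signature"])
    for p in report["partitions"]:
        flag = "*" if p["bootable"] else " "
        print("  %s part %d type 0x%02X start %d sectors %d"
              % (flag, p["index"], p["type"], p["start_lba"], p["sectors"]))
    if len(argv) > 2:
        print("matches logged hash: %s" % matches_logged_hash(mbr, argv[2]))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the path to MBR.dat as the first argument and, optionally, the hash from the scanner log as the second; with no arguments it runs against the constructed sample. A hash that differs between two clean runs is not by itself a sign of infection, since the boot code legitimately changes when a boot loader is reinstalled, but a change between a scan and a later MBR.dat that nobody can account for deserves a second look.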
  #6  
Old December 21st, 2011, 05:04 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Good work!

Please download an updated version of ComboFix

Save ComboFix.exe to your Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.


Info on how to Disable Security Programs:
http://www.bleepingcomputer.com/forums/topic114351.html

Execute the file.
XP: Double-click on ComboFix.exe to run the program.

When given the option, DO install the Recovery Console. This program can come in very handy in certain circumstances.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.


Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.


(Edited typing error)

Last edited by Aaflac; December 22nd, 2011 at 01:33 AM.
Reply With Quote
  #7  
Old December 21st, 2011, 06:52 AM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
For some reason it ran with Chinese and part of the log is in Chinese.

ComboFix 11-12-20.04 - Corey Padgitt 0/2011 Tue 22:53:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1022.670 [GMT -6:00]
Running from: c:\documents and settings\Corey Padgitt\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Files Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Corey Padgitt\Application Data\411A.8E1
c:\documents and settings\Corey Padgitt\Application Data\Local
c:\documents and settings\Corey Padgitt\Application Data\Local\Temp\DDM\Settings\1738189489073_46503.mp4.ddr
c:\documents and settings\Corey Padgitt\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Corey Padgitt\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1738189489073_46503.mp4
c:\documents and settings\Corey Padgitt\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}
c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}\chrome.manifest
c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}\chrome\xulcache.jar
c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}\defaults\preferences\xulcache.js
c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\extensions\{6f7caff4-de2f-4c0f-af6f-87777e874932}\install.rdf
c:\documents and settings\Corey Padgitt\jpuzukpobq.tmp
c:\windows\$NtUninstallKB26106$
c:\windows\$NtUninstallKB26106$\1708131836
c:\windows\$NtUninstallKB26106$\3083457075\@
c:\windows\$NtUninstallKB26106$\3083457075\bckfg.tmp
c:\windows\$NtUninstallKB26106$\3083457075\cfg.ini
c:\windows\$NtUninstallKB26106$\3083457075\Desktop.ini
c:\windows\$NtUninstallKB26106$\3083457075\keywords
c:\windows\$NtUninstallKB26106$\3083457075\kwrd.dll
c:\windows\$NtUninstallKB26106$\3083457075\L\daacniwo
c:\windows\$NtUninstallKB26106$\3083457075\lsflt7.ver
c:\windows\$NtUninstallKB26106$\3083457075\U\00000001.@
c:\windows\$NtUninstallKB26106$\3083457075\U\00000002.@
c:\windows\$NtUninstallKB26106$\3083457075\U\00000004.@
c:\windows\$NtUninstallKB26106$\3083457075\U\80000000.@
c:\windows\$NtUninstallKB26106$\3083457075\U\80000004.@
c:\windows\$NtUninstallKB26106$\3083457075\U\80000032.@
c:\windows\EventSystem.log
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B8.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-21 to 2011-12-21   )))))))))))))))))))))))))))))))
.
.
2011-12-20 23:59 . 2011-12-20 23:59 -------- d-----w- c:\documents and settings\Corey Padgitt\Application Data\FreeFileViewer
2011-12-20 23:58 . 2011-12-20 23:58 -------- d-----w- c:\program files\File Type Assistant
2011-12-20 23:58 . 2011-12-20 23:58 -------- d-----w- c:\program files\FreeFileViewer
2011-12-16 15:52 . 2011-12-16 15:45 79872 ----a-w- c:\windows\system32\Pvdna.com_
2011-12-16 05:49 . 2011-11-10 11:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-16 05:49 . 2011-11-10 11:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-15 04:56 . 2011-12-15 04:56 -------- d-sh--r- c:\documents and settings\Corey Padgitt\M-1-25-5432-6437-5685
2011-12-15 00:57 . 2011-12-20 16:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-15 00:57 . 2011-12-20 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-14 22:25 . 2011-12-14 22:25 -------- d-----w- c:\documents and settings\Corey Padgitt\Application Data\Malwarebytes
2011-12-14 22:24 . 2011-12-14 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-04 22:47 . 2011-12-19 02:52 -------- d-sh--r- c:\documents and settings\Corey Padgitt\2397-5973-7874-8623
.
.
.
((((((((((((((((((((((((((((((((((((((((   Files Modified Within Three Months   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 03:09 . 2004-08-04 10:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 09:27 . 2008-02-29 23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-04 10:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-02-05 23:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2008-06-30 19:44 . 2008-11-06 01:33 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 00:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft?Windows Manager"="c:\documents and settings\Corey Padgitt\M-1-25-5432-6437-5685\winmgr.exe" [?]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-05 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Corey Padgitt\\M-1-25-5432-6437-5685\\winmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [6/4/2011 1:02 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [6/4/2011 1:02 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/10/2011 2:24 AM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [6/4/2011 1:02 PM 136312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2/11/2009 4:31 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/11/2009 4:31 PM 234888]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [6/4/2011 1:02 PM 130008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 7:31 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/16/2011 6:21 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111219.001\IDSXpx86.sys [12/19/2011 5:48 PM 356280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2011 11:34 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2011 11:34 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2011-12-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-20 21:24]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 05:33]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 05:33]
.
2011-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1409082233-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1409082233-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.myheritage.com
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mStart Page = hxxp://search.myheritage.com
mSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Corey Padgitt\Application Data\Mozilla\Firefox\Profiles\7a5rw2tj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Celebrity Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - %profile%\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3
FF - Ext: Veoh Browser Plug-in: videofinder@veoh.com - c:\program files\Veoh Networks\Veoh\Plugins\noreg\videofinder4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Corey Padgitt\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-auditpol - c:\documents and settings\Corey Padgitt\Application Data\auditpol.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-auditpol - c:\documents and settings\Corey Padgitt\Application Data\auditpol.exe
SafeBoot-40207515.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\program files\NORTON 360 PREMIER EDITION\ENGINE\5.1.0.29\Microsoft.VC90.CRT\MSVCR90.dll
c:\program files\NORTON 360 PREMIER EDITION\ENGINE\5.1.0.29\Microsoft.VC90.CRT\MSVCP90.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Celebrity Toolbar\tbhelper.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\windows\system32\conime.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2011-12-20 23:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 05:49
.
Pre-Run: 68,009,795,584 bytes free
Post-Run: 68,597,161,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E3A99F51F7A4CBCB1BE8D154F8989EB4
Reply With Quote
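The ComboFix log above lists the registry loading points one key at a time. The script below is an added example, not part of this thread and not ComboFix code. It walks that section of a ComboFix-style log, keeping track of the current key, and flags three things a malware-removal helper reads for first: autorun values that run from user-writable folders or whose file ComboFix could not read (the "[?]" size marker, as with the winmgr.exe entry), Security Center and firewall-policy values that switch protection or alerting off, and orphaned Run entries that point into a user profile. SAMPLE_LOG is constructed for the demo and modelled on the log above with a generic user name; the folder list and the rule table mapping value names to their "off" setting are assumptions.

```python
"""Triage the "Reg Loading Points" section of a ComboFix-style log.

Added example; not part of the forum thread and not ComboFix code.  It
tracks the current registry key while scanning the log and flags autorun
entries in user-writable folders or with an unreadable file ("[?]"),
Security Center / firewall-policy values set to their "off" state, and
orphaned Run entries under a user profile.  SAMPLE_LOG is constructed.
"""
import re

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
DWORD_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$')
ORPHAN = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$')

# Folders a limited XP user can write to; a Run entry there is unusual for real software (assumed list).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")

# Value name -> the setting that means "protection off" (assumed rule table).
WEAKENING = {"antivirusoverride": 1, "firewalloverride": 1, "disablemonitoring": 1,
             "enablefirewall": 0, "disablenotifications": 1}


def location_reasons(path):
    """Reasons to distrust a path based purely on where it lives."""
    low = path.lower()
    for marker in USER_WRITABLE:
        if marker in low:
            return ["runs from a user-writable folder (%s)" % marker.strip("\\")]
    return []


def is_protection_key(key):
    low = key.lower()
    return "security center" in low or "firewallpolicy" in low


def triage(log_text):
    """Return a list of findings; each is a dict with kind, name, path and reasons."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]            # entering a new registry key section
            continue
        m = ORPHAN.match(line)
        if m:
            reasons = location_reasons(m.group("path"))
            if reasons:
                findings.append({"kind": "orphaned autorun", "name": m.group("name"),
                                 "path": m.group("path"), "reasons": reasons})
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.lower().endswith("\\run"):
            reasons = location_reasons(m.group("path"))
            if m.group("info").strip() == "?":
                reasons.append("file could not be read, size/date shown as [?]")
            if reasons:
                findings.append({"kind": "autorun", "name": m.group("name"),
                                 "path": m.group("path"), "reasons": reasons})
            continue
        m = DWORD_VALUE.match(line)
        if m and is_protection_key(current_key):
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            if WEAKENING.get(m.group("name").lower()) == value:
                findings.append({"kind": "protection disabled", "name": m.group("name"),
                                 "path": current_key,
                                 "reasons": ["%s=%d switches the protection off"
                                             % (m.group("name"), value)]})
    return findings


# Constructed sample, modelled on the thread's log with a generic user name.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft?Windows Manager"="c:\documents and settings\user\M-1-25-5432-6437-5685\winmgr.exe" [?]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-auditpol - c:\documents and settings\user\Application Data\auditpol.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-20s %-28s %s" % (f["kind"], f["name"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

On the sample it reports the winmgr.exe entry twice over (profile folder and unreadable file), the four Security Center and firewall overrides, and the orphaned auditpol.exe entry, while Aim6, iTunesHelper and the Java updater pass. Treat the output as a reading aid, not a verdict: a toolbar installed to Application Data will trip the folder rule too, and an override value can be set by a legitimately installed third-party firewall.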
  #8  
Old December 21st, 2011, 10:05 PM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Is Tidserv Activity 2 still appearing?
Reply With Quote
  #9  
Old December 22nd, 2011, 12:45 AM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
The note from Norton is not appearing at the bottom right hand corner of my screen anymore.
Reply With Quote
  #10  
Old December 22nd, 2011, 02:09 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Good!


Please do the following:

Double-click aswMBR.exe to start the tool once again.
Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.

Please post the aswMBR log in your reply.


~~~~
Next, please download FoxScan:
http://fradesch.perso.cegetel.net/transf/FoxScan.exe

XP: Double-click on FoxScan.exe to start the scan

A window opens and gives you an option for what language to use.
Press 2 for English.
Press: Enter

The scan will take few minutes.
When the tool is done, it displays:

Search completed.
Press any key to continue...

Press any key.

A Notepad window titled Rapport-FS.txt opens.
(The log is also saved as C:\Rapport-FS.txt)

Please provide the Rapport-FS.txt in your reply.


~~~~
Now, enable the viewing of hidden files in XP:
http://www.bleepingcomputer.com/tuto...windows/#winxp


Then, submit the following files for analysis to VirusTotal (one at a time):

c:\windows\system32\Pvdna.com_
c:\Documents and Settings\Corey Padgitt\M-1-25-5432-6437-5685\winmgr.exe


Use the 'Browse' button to navigate to the location of the file.
Click on the file. Then, click the 'Open' button.
The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results
If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'

Once scanned, please provide the link to each of the results pages in your reply.
Reply With Quote
  #11  
Old February 12th, 2012, 03:55 AM
Adderall464
New Member
 
Join Date: Dec 2011
Posts: 7
When I searched for both of the files to put on Virustotal.com, they were not there, even after allowing hidden files to be seen. After allowing the hidden files to be seen, should I have restarted my computer for everything to start working correctly?

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-02-11 20:31:17
-----------------------------
20:31:17.850 OS Version: Windows 5.1.2600 Service Pack 3
20:31:17.850 Number of processors: 2 586 0xF0A
20:31:17.850 ComputerName: MIZZOU-09C0BCA8 UserName: Corey Padgitt
20:31:18.616 Initialize success
20:32:32.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
20:32:32.116 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
20:32:34.132 Disk 0 MBR read successfully
20:32:34.147 Disk 0 MBR scan
20:32:34.147 Disk 0 Windows XP default MBR code
20:32:34.147 Disk 0 scanning sectors +234436545
20:32:34.225 Disk 0 scanning C:\WINDOWS\system32\drivers
20:32:43.196 Service scanning
20:32:44.431 Modules scanning
20:32:53.714 Disk 0 trace - called modules:
20:32:53.745 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:32:53.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e8a030]
20:32:53.761 3 CLASSPNP.SYS[f7624fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86fe7828]
20:32:53.776 Scan finished successfully
20:33:11.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\MBR.dat"
20:33:11.171 The log file has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\aswMBR2.txt"


FoxScan Version 1.1.1
By Loup blanc - Zebulon.fr
Scan started 02/11/2012 Sat at 20:34

Microsoft Windows XP Professional Service Pack 3 [Version 5.1.2600]

Mozilla Firefox version : 9.0.1 (en-US)
Installation folder : C:\Program Files\Mozilla Firefox


=================================================================================
---------- User account : Corey Padgitt [Current session]
=================================================================================


Profile name : default
Profile folder : C:\Documents and Settings\Corey Padgitt\Application Data\mozilla\firefox\Profiles\7a5rw2tj.default\


//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : Manual configuration




//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled




//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename : "AOL Search"
browser.search.defaulturl : "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011"
browser.search.selectedEngine :
keyword.URL : "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011&query="
keyword.enable :


--------- Search engines found ------------
+ Search form configured for the engine


C:\Documents and Settings\Corey Padgitt\Application Data\mozilla\firefox\Profiles\7a5rw2tj.default\searchplugins\aim-search.xml
Template : http://aim.search.aol.com/search/search?query


C:\Documents and Settings\Corey Padgitt\Application Data\mozilla\firefox\Profiles\7a5rw2tj.default\searchplugins\aol-search.xml
Template : http://slirsredirect.search.aol.com/.../sredir?sredir


C:\Documents and Settings\Corey Padgitt\Application Data\mozilla\firefox\Profiles\7a5rw2tj.default\searchplugins\search.xml
Template : http://www.asearchservice.com/index.php?t





=================================================================================
---------- Common section
=================================================================================

//////////// DLL found in C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

browsercomps.dll
coFFPlgn.dll


------------------------------------------------------

//////////// Search plugins \\\\\\\\\\\\\

--------- Search engines found ------------
+ Search form configured for the engine


C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
Template : http://www.amazon.com/exec/obidos/external-search/


C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
Template : http://www.bing.com/search


C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
Template : http://rover.ebay.com/rover/1/711-47294-18009-3/4


C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search


C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml
Template : http://search.myheritage.com


C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
Template : http://www.ask.com/web?q


C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
Template : https://twitter.com/search/{searchTerms}


C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
Template : http://en.wikipedia.org/wiki/Special:Search


C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
Template : http://search.yahoo.com/search



------------------------------------------------------

//////////// Plugins set in registry \\\\\\\\\\\\\


[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10.1 Plugin"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=]
"Description"="iTunes Detector Plug-in"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0]
"Vendor"="Apple Inc."
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"="DivX Plus Web Player"
"Vendor"="DivX,Inc."
"Path"="C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"="DivX® Content Upload Plugin"
"Vendor"="DivX,Inc."
"Path"="C:\Program Files\DivX\DivX Content Uploader\npUpload.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"="DivX OVS Helper Plug-in"
"Vendor"="DivX, LLC."
"Path"="C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"="DivX® Player Plugin for VOD Content"
"Vendor"="DivX,Inc."
"Path"="C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@java.com/JavaPlugin]
"Description"="Oracle® Next Generation Java™ Plug-In"
"Vendor"="Oracle Corp."
"Path"="C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3]
"Description"="Yahoo Messenger State Plugin"
"Vendor"="Yahoo"
"Path"="C:\Program Files\Yahoo!\Shared\npYState.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"="Ag Player Plugin"
"Vendor"="Microsoft"
"Path"="c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@movenetworks.com/Quantum Media Player]
"Description"="npmnqmp"
"Vendor"="Move Networks"
"Path"="C:\Documents and Settings\Corey Padgitt\Application Data\Move Networks\plugins\npqmp071503000010.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=12.0.1.647]
"Description"="RealPlayer(tm) LiveConnect-Enabled Plug-In"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nppl3260.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=12.0.1.647]
"Description"="RealJukebox Netscape Plugin"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nprjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647]
"Description"="RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprphtml5videoshim;version=12.0.1.647]
"Description"="RealPlayer(tm) HTML5VideoShim Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"="12.0.1.647"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nprpjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/RhapsodyPlayerEngine,version=1.1]
"Description"="Rhapsody Control"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=3]
"Description"="Google Update"
"Vendor"="Google Inc."
"Path"="C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=9]
"Description"="Google Update"
"Vendor"="Google Inc."
"Path"="C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@veoh.com/VeohPlayer]
"Description"="Veoh Player"
"Vendor"="Veoh Networks Inc"
"Path"="C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@viewpoint.com/VMP]
"Description"="Viewpoint Media Player for Mozilla"
"Vendor"="Viewpoint Corporation"
"Path"="C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@facebook.com/FBPlugin,version=1.0.3]
"Description"="Facebook's Mighty Plug-In"
"Vendor"="Facebook, Inc."
"Path"="C:\Documents and Settings\Corey Padgitt\Application Data\Facebook\npfbplugin_1_0_3.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@movenetworks.com/Quantum Media Player]
"Description"="npmnqmp"
"Vendor"="Move Networks"
"Path"="C:\Documents and Settings\Corey Padgitt\Application Data\Move Networks\plugins\npqmp071503000010.dll"


------------------------------------------------------

//////////// Additional search... \\\\\\\\\\\\\

==== Additional extension ====


[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\"

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video"

"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext"

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\"

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2"

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 9.0.1\extensions]


=========================== End of report ===========================
#12
February 12th, 2012, 04:36 AM
Aaflac
Malware Removal Team
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
It has been 52 days since we last heard from you.

The information/reports posted are good for 3 to 5 days, and that depends on the use given to the computer. After 52 days, all is basically obsolete.

If you are still having malware problems, please do the following:


There was a recent update to a program we already used: aswMBR

Please remove the current program installed on your Desktop, and
download a new copy of: aswMBR

Save it to the Desktop.

XP: Double-click the downloaded file to run the program.

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc....Select: Yes

The last line of the run in progress provides the status of the Avast! scan.
It says: Downloading Avast! virus definition database, etc.
When the Avast! scan is done, the last line changes to:
Avast Engine definitions #####

Click the Scan button on the lower left of the aswMBR screen.

The last line will now say "Scanning" while in progress.

Upon completion of the scan, click Save log and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!

Exit the program.

Please post the new aswMBR log in your reply.


Now, please run the following diagnostic for us to see what is currently going on with the system:

Download DDS from one of these locations:
Link 1
Link 2

Save it to the Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run.

If you wish to look at information on how to disable these programs, please refer to the information available through this link

XP: Double-click the downloaded file to run the program
Vista/Windows 7: Right-click DDS and select 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)

Save the reports to your Desktop, and post both reports in your reply.
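As an added example (not part of this thread and not code from aswMBR), a small Python parser that pulls out of an aswMBR log the facts a helper reads first: tool version, OS, Avast engine definitions, the MBR verdict, the partition table and any lines flagged **INFECTED**. The sample log is constructed from the format posted in this thread with paths shortened, and the "default MBR code" test is an assumption about aswMBR's wording for a recognised stock boot sector.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the aswMBR log format shown in this thread (paths shortened).
SAMPLE_LOG = r"""aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 15:33:34
-----------------------------
15:33:34.437 OS Version: Windows 5.1.2600 Service Pack 3
15:33:34.953 Initialize success
15:35:52.515 AVAST engine defs: 12021201
15:36:09.984 Disk 0 MBR read successfully
15:36:09.984 Disk 0 MBR scan
15:36:10.046 Disk 0 Windows XP default MBR code
15:36:10.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
15:36:10.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114408 MB offset 128520
15:36:35.203 AVAST engine scan C:\WINDOWS
15:46:07.953 File: C:\Documents and Settings\user\Application Data\Adobe\Flash Player\NativeCache\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
15:49:45.750 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR3.txt"
"""


@dataclass
class Partition:
    disk: int
    number: int
    active: bool        # "(A)" marker or boot indicator byte 0x80
    type_code: str      # partition type byte, e.g. "07" for NTFS
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class Finding:
    time: str
    path: str
    detection: str


@dataclass
class AswMbrReport:
    version: Optional[str] = None
    os_version: Optional[str] = None
    engine_defs: Optional[str] = None
    mbr_verdict: Optional[str] = None
    partitions: List[Partition] = field(default_factory=list)
    infected: List[Finding] = field(default_factory=list)

    @property
    def mbr_looks_standard(self) -> bool:
        # Assumption: aswMBR prints "... default MBR code" for a recognised stock
        # boot sector; any other verdict (or none) deserves a closer look.
        return bool(self.mbr_verdict and "default MBR code" in self.mbr_verdict)


LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$"
)
INFECTED_RE = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
MBR_RE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")


def parse_aswmbr_log(text: str) -> AswMbrReport:
    """Parse the timestamped lines of an aswMBR log into an AswMbrReport."""
    report = AswMbrReport()
    for raw in text.splitlines():
        if raw.startswith("aswMBR version "):
            report.version = raw.split()[2]
            continue
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and separator lines carry no timestamp
        time, msg = m.groups()
        if msg.startswith("OS Version: "):
            report.os_version = msg[len("OS Version: "):]
        elif msg.startswith("AVAST engine defs: "):
            report.engine_defs = msg.split(": ", 1)[1]
        elif (pm := PART_RE.match(msg)):
            disk, num, boot, active, ptype, desc, size, off = pm.groups()
            report.partitions.append(Partition(
                int(disk), int(num), active is not None or boot == "80",
                ptype, desc, int(size), int(off)))
        elif (im := INFECTED_RE.match(msg)):
            report.infected.append(Finding(time, im.group(1), im.group(2)))
        elif (mm := MBR_RE.match(msg)):
            report.mbr_verdict = mm.group(2)
    return report


def triage(report: AswMbrReport) -> List[str]:
    """Reduce a parsed log to the short list of points a helper would reply with."""
    notes = []
    if report.engine_defs is None:
        # Without engine definitions only the MBR/driver check ran, not the file scan.
        notes.append("no AVAST engine definitions: file scan did not run")
    verdict = report.mbr_verdict or "no verdict"
    notes.append("MBR: " + verdict + (" (standard)" if report.mbr_looks_standard else " (REVIEW)"))
    active = [p for p in report.partitions if p.active]
    if len(active) != 1:
        notes.append(f"expected exactly one active partition, found {len(active)}")
    for f in report.infected:
        notes.append(f"infected at {f.time}: {f.path} [{f.detection}]")
    return notes


if __name__ == "__main__":
    for note in triage(parse_aswmbr_log(SAMPLE_LOG)):
        print(note)
```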
#13
February 12th, 2012, 10:57 PM
Adderall464
New Member
Join Date: Dec 2011
Posts: 7
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 15:33:34
-----------------------------
15:33:34.437 OS Version: Windows 5.1.2600 Service Pack 3
15:33:34.437 Number of processors: 2 586 0xF0A
15:33:34.437 ComputerName: MIZZOU-09C0BCA8 UserName: Corey Padgitt
15:33:34.953 Initialize success
15:35:52.515 AVAST engine defs: 12021201
15:36:09.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:36:09.953 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
15:36:09.984 Disk 0 MBR read successfully
15:36:09.984 Disk 0 MBR scan
15:36:10.046 Disk 0 Windows XP default MBR code
15:36:10.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
15:36:10.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114408 MB offset 128520
15:36:10.093 Disk 0 scanning sectors +234436545
15:36:10.250 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:23.140 Service scanning
15:36:24.593 Modules scanning
15:36:34.359 Disk 0 trace - called modules:
15:36:34.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:36:34.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e8a030]
15:36:34.406 3 CLASSPNP.SYS[f7624fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86fe7828]
15:36:35.203 AVAST engine scan C:\WINDOWS
15:36:54.500 AVAST engine scan C:\WINDOWS\system32
15:45:28.406 AVAST engine scan C:\WINDOWS\system32\drivers
15:45:59.843 AVAST engine scan C:\Documents and Settings\Corey Padgitt
15:46:07.953 File: C:\Documents and Settings\Corey Padgitt\Application Data\Adobe\Flash Player\NativeCache\DD5E5C56C2D07791AB0353A7840086BE\2e0b99f9\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
15:49:45.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\MBR.dat"
15:49:45.750 The log file has been saved successfully to "C:\Documents and Settings\Corey Padgitt\Desktop\aswMBR3.txt"

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by Corey Padgitt at 15:53:24 on 2012-02-12
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1022.457 [GMT -6:00]
.
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.myheritage.com
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mStart Page = hxxp://search.myheritage.com
mSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.2.0.13\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www.addonchat.com/404.html
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{51B9C071-5E57-4461-B83A-25157A002C79} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\corey padgitt\application data\mozilla\firefox\profiles\7a5rw2tj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111216052654935&tb_oid=16-12-2011&tb_mrud=16-12-2011&query=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\corey padgitt\application data\mozilla\firefox\profiles\7a5rw2tj.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\documents and settings\corey padgitt\application data\mozilla\firefox\profiles\7a5rw2tj.default\extensions\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}\components\mhxpcom2.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\corey padgitt\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-30 136312]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-11 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-11 234888]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-11 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120210.002\IDSXpx86.sys [2012-2-10 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120211.006\NAVENG.SYS [2012-2-11 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120211.006\NAVEX15.SYS [2012-2-11 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-02-09 22:23:47 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-02-09 22:23:39 -------- d-----w- c:\program files\McAfee Security Scan
2012-01-31 03:49:58 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-01-31 03:49:57 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-01-31 03:49:56 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-01-31 03:49:54 744568 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-01-31 03:49:54 340088 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-01-31 03:49:53 50168 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-01-31 03:49:52 516216 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-01-31 03:49:51 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-01-31 03:47:20 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
.
==================== Find3M ====================
.
2012-02-09 22:23:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 03:09:42 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 15:54:27.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2008 5:07:36 PM
System Uptime: 2/12/2012 2:35:59 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 60.101 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&8F2C18F&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&8F2C18F&0&0102
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Service: b57w2k
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01F91028&REV_02\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01F91028&REV_02\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
RP1: 12/20/2011 10:38:28 PM - System Checkpoint
RP2: 1/3/2012 8:50:11 AM - Software Distribution Service 3.0
RP3: 1/11/2012 5:00:16 PM - Software Distribution Service 3.0
RP4: 1/14/2012 7:05:37 PM - System Checkpoint
RP5: 1/23/2012 5:11:44 AM - Software Distribution Service 3.0
RP6: 1/25/2012 12:34:57 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
AIM 6
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Celebrity Toolbar
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Wireless WLAN Card
DimSum 0.7.9
DivX Converter
DivX Setup
DJ_AIO_06_F2400_SW_Min
Download Updater (AOL LLC)
Facebook Plug-In
ffdshow [rev 2033] [2008-07-05]
File Type Assistant
Free File Viewer 2011
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 30
LastChaos
LimeWire 5.5.14
Logitech Harmony Remote Software 7
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mojo
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PowerDVD
Project64 1.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Remote Control USB Driver
Rhapsody Player Engine
Rosetta Stone Version 3
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
Symantec Technical Support Web Controls
Toolbox
ULRPG
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VeohTV BETA
Viewpoint Media Player
Vuze
Vuze Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Video Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 9:52:25 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001C26054B33 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/7/2012 10:09:55 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001C26054B33 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/11/2012 8:11:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf15aa87, parameter3 9adfcb40, parameter4 00000000.
.
==== End Of File ===========================
  #14  
Old February 23rd, 2012, 12:06 AM
Aaflac
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
My apology!!!

Do not remember seeing a notification that you had posted.

Are you still getting Tidserv Activity 2 notifications?