GeekPolice

backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by cbxlr8r on Wed Apr 21, 2010 11:34 pm

Hello all. I recently picked up this nasty little bugger. I am not sure where from but I have my suspicions.
I have tried to get rid of this but to no avail. Any assistance would be greatly appreciated.
I am pasting my OTL exports (OTL.txt in this post and extras.txt in the reply to this post).

OTL logfile created on: 4/21/2010 7:17:22 PM - Run 2
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\John\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 903.69 Gb Free Space | 97.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 291.83 Gb Total Space | 169.09 Gb Free Space | 57.94% Space Free | Partition Type: NTFS
Drive F: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 170.96 Gb Free Space | 57.35% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.89 Gb Total Space | 0.01 Gb Free Space | 0.30% Space Free | Partition Type: FAT

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/21 17:28:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2010/01/14 00:37:23 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 17:28:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 21:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 10:36:11 | 002,504,280 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3653.dll -- (Akamai)
SRV - [2010/03/02 22:16:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 22:33:34 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100421.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/01 22:33:34 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100421.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/14 01:01:10 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/13 05:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/01/13 05:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/30 22:48:18 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/22 04:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 04:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 04:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 04:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 04:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 04:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 04:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 04:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 04:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/04 10:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/29 10:18:20 | 000,553,472 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2004/04/27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 00 22 FF CF 94 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.51

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/14 22:41:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/21 10:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/12 15:54:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 22:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/21 21:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/14 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/01/14 16:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/14 00:41:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\4uohfpiu.default\extensions
[2010/04/21 10:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/12/09 16:23:40 | 000,000,074 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/21 18:39:24 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/04/21 17:48:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/21 17:41:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/21 17:28:17 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/04/21 17:13:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\John\Desktop\HiJackThis.exe
[2010/04/21 17:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/19 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/04/13 19:27:36 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/13 19:27:36 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/13 19:27:35 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/13 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Good food
[2010/04/12 21:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2010/04/09 15:13:35 | 000,000,000 | ---D | C] -- C:\MetaCreations
[2010/04/08 09:17:33 | 000,000,000 | ---D | C] -- C:\Windows\MetaCreations
[2010/04/05 22:22:12 | 000,000,000 | ---D | C] -- C:\Windows\OCCACHE
[2010/04/05 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/04/05 22:22:01 | 000,609,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.OCX
[2010/04/05 22:22:01 | 000,495,616 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\HEIDIW.DLL
[2010/04/05 22:22:01 | 000,393,216 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\STYLEMAN.CPL
[2010/04/05 22:22:01 | 000,393,216 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\PLOTMAN.CPL
[2010/04/05 22:22:01 | 000,278,528 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\SZBW.HDI
[2010/04/05 22:22:01 | 000,237,568 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\WHIPTKW.DLL
[2010/04/05 22:22:01 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/04/05 22:22:01 | 000,106,496 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\DLLONGW.DLL
[2010/04/05 22:22:01 | 000,090,112 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\GDIFONTW.HDI
[2010/04/05 22:22:01 | 000,061,440 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\GDIW.HDI
[2010/04/05 22:22:01 | 000,040,960 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\RBLASTW.HDI
[2010/04/05 22:22:01 | 000,028,672 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\MTLW.DLL
[2010/04/05 22:22:01 | 000,024,576 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\TEXTUREW.DLL
[2010/04/05 22:22:01 | 000,024,576 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\HDIMON.DLL
[2010/04/05 22:22:00 | 000,299,008 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\ACLTFICN.DLL
[2010/04/05 22:22:00 | 000,028,672 | ---- | C] (Autodesk, Inc.) -- C:\Windows\System32\ADRESC.DLL
[2010/04/05 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD LT 2000
[2010/04/05 22:19:38 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/04/05 12:07:38 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\GARMIN
[2010/03/31 11:46:11 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\2010 Honda Odyssey
[2010/03/31 07:07:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 07:07:55 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 07:07:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

========== Files - Modified Within 30 Days ==========

[2010/04/21 19:17:29 | 001,310,720 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/04/21 18:39:30 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2010/04/21 18:39:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 17:47:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/21 17:28:22 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/04/21 17:13:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\John\Desktop\HiJackThis.exe
[2010/04/21 17:11:57 | 000,002,039 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/04/21 10:38:02 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 10:38:02 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 10:35:12 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/21 10:35:12 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/21 10:35:12 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/21 10:31:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/21 10:30:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/21 10:30:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 10:30:18 | 2716,770,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/20 23:44:15 | 002,535,602 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/04/13 22:37:09 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/08 11:06:44 | 000,092,472 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/07 19:27:01 | 000,000,000 | ---- | M] () -- C:\Windows\MTSTACK.INI
[2010/04/07 19:26:01 | 000,357,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/05 22:22:08 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD LT 2000.lnk
[2010/04/05 22:19:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/05 22:19:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/05 17:35:58 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini

========== Files Created - No Company Name ==========

[2010/04/21 17:41:12 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/21 17:41:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/21 17:11:57 | 000,002,039 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/04/13 22:37:09 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/07 19:27:01 | 000,000,000 | ---- | C] () -- C:\Windows\MTSTACK.INI
[2010/04/05 22:22:08 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD LT 2000.lnk
[2010/04/05 22:22:01 | 000,040,094 | ---- | C] () -- C:\Windows\System32\WHIPCRAK.WAV
[2010/04/05 22:22:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MTSTACK.EXE
[2010/04/05 22:19:33 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/05 22:19:33 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/01/14 22:37:13 | 000,000,802 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/13 23:50:50 | 000,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/13 23:50:50 | 000,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/13 23:50:50 | 000,262,144 | -HS- | C] () -- C:\Users\John\ntuser.dat.LOG1
[2010/01/13 23:50:50 | 000,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/01/13 23:50:50 | 000,000,020 | -HS- | C] () -- C:\Users\John\ntuser.ini
[2010/01/13 23:50:50 | 000,000,000 | -HS- | C] () -- C:\Users\John\ntuser.dat.LOG2
[2010/01/13 23:50:49 | 001,310,720 | -HS- | C] () -- C:\Users\John\NTUSER.DAT
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004/03/26 10:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 17:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 17:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 17:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 17:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 17:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 17:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 17:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 17:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 17:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 17:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 17:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 17:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 17:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 17:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 17:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/13 19:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2009/10/07 02:23:08 | 000,013,584 | ---- | M] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/21 10:30:18 | 2716,770,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/05 22:19:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/05 22:19:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/21 10:30:18 | 3622,363,136 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/01/17 22:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/14 12:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/09 09:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD LT 2000
[2010/01/14 12:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/21 17:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/14 03:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/01/14 00:37:24 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/14 22:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/04/01 03:15:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/14 12:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/14 12:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/22 10:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/22 11:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/03/13 11:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/04/05 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/25 22:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/04/20 22:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/21 17:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/15 11:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/01/16 00:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/01/14 00:49:59 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2010/01/14 00:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/03/22 11:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/01/14 12:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/01/21 14:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/14 01:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/04/21 17:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 03:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/01/14 09:37:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 00:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/01/14 22:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/10/26 19:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=049E81B6FB41C73619ED3FE4DF7D8638 -- C:\Windows\System32\drivers\nvrd32.sys
[2007/10/26 19:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=049E81B6FB41C73619ED3FE4DF7D8638 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_x86_neutral_cdb69d95ece5b4d2\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_x86_neutral_cdb69d95ece5b4d2\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-14 02:41:47
< End of report >


Last edited by cbxlr8r on Thu Apr 22, 2010 1:50 pm; edited 1 time in total

cbxlr8r
Posts : 6
Joined : 2010-04-21
OS : Windows7

backdoorTidserv!inf - Need help removing on Windows7 Machine

Post by cbxlr8r on Wed Apr 21, 2010 11:36 pm

Here is the extras.txt export.

OTL Extras logfile created on: 4/21/2010 7:17:22 PM - Run 2
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\John\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 903.69 Gb Free Space | 97.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 291.83 Gb Total Space | 169.09 Gb Free Space | 57.94% Space Free | Partition Type: NTFS
Drive F: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 170.96 Gb Free Space | 57.35% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.89 Gb Total Space | 0.01 Gb Free Space | 0.30% Space Free | Partition Type: FAT

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Akamai" = Akamai NetSession Interface
"AutoCAD LT 2000 Uninstall" = AutoCAD LT 2000
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2010 9:29:55 PM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 714 Start
Time: 01cad6ad8957cf40 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 35fe3499-42ae-11df-9eb2-cb1d5401827f

Error - 4/8/2010 9:35:00 AM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program Poser.exe version 4.0.0.88 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 10e4 Start Time:
01cad71f096776b0 Termination Time: 16 Application Path: D:\Program Files\MetaCreations\Poser
4\Poser.exe Report Id:

Error - 4/9/2010 9:00:13 AM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1290 Start
Time: 01cad7e2d6c4e890 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d02da471-43d7-11df-ad21-e57fc22206e7

Error - 4/10/2010 12:58:35 AM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program Poser.exe version 4.0.0.88 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 4a4 Start Time:
01cad86a225f6aa0 Termination Time: 52 Application Path: C:\MetaCreations\Poser 4\Poser.exe Report Id:

Error - 4/10/2010 1:29:17 AM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a20 Start
Time: 01cad86c2c1798e0 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 4/12/2010 11:40:14 PM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1434 Start
Time: 01cadaa901f5ab30 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 3e2247a1-46ae-11df-9623-f184813f97ed

Error - 4/15/2010 10:03:26 PM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e28 Start
Time: 01cadcb4c61db0b8 Termination Time: 15 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 37f5d749-48fc-11df-8b9c-bb0a3ff08615

Error - 4/19/2010 11:37:43 AM | Computer Name = John-PC | Source = VSS | ID = 8194
Description =

Error - 4/20/2010 4:59:50 PM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16d0 Start
Time: 01cae0cba07445f0 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: a2d2e171-4cbf-11df-960b-9aad98d1c5e9

Error - 4/21/2010 5:39:34 PM | Computer Name = John-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1348 Start
Time: 01cae18ca48ef600 Termination Time: 16 Application Path: c:\program files\internet
explorer\iexplore.exe Report Id: 5aa01e71-4d8e-11df-9782-db1a0bc984d0

[ System Events ]
Error - 4/19/2010 5:23:31 PM | Computer Name = John-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/19/2010 5:23:31 PM | Computer Name = John-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/19/2010 5:23:32 PM | Computer Name = John-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/19/2010 9:57:26 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/19/2010 9:57:37 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/19/2010 9:57:44 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 4/20/2010 11:44:20 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 4/21/2010 5:41:12 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/21/2010 5:41:38 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/21/2010 5:47:09 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >


Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by Belahzur on Thu Apr 22, 2010 6:50 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by cbxlr8r on Fri Apr 23, 2010 3:05 am

Here is the log file from MBAM. What is interesting is that it found nothing. I ran the scan 3 times: 2 quick scans and 1 full system scan that included every drive. I posted the latter here.

When I ran Norton, it repeatedly found the Backdoor.Tidserv!inf and stated that I needed to manually remove it. It provided a path for the file...e:\Users\John\AppData\Local\Temp\H8SRTe8d.TMP. I deleted this file and rescanned with Norton. Norton then found it in my recycle bin as this is where I put it. I then deleted the file from my computer altogether, rebooted then re-ran Norton on all drives. It came up clean. I hope that the issue has been resolved but I will be watching it closely.

For what it is worth, I downloaded a "Loader" for a game called Shaiya. This Loader automatically downloaded the program file and installed it on my PC. This was a braindead move on my part as I NEVER do that...except this 1 time. Every other time, I download a game file and then scan it with Norton before I install it...I got lazy this time. I have no idea where the "Loader" downloaded the executable file from. I suspect that this is when it happened.

Anyway, here is the log file. Thank you for your assistance.

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4023

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/22/2010 8:26:31 PM
mbam-log-2010-04-22 (20-26-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 340946
Time elapsed: 1 hour(s), 24 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by Belahzur on Fri Apr 23, 2010 3:30 pm

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
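The SpiderKill step above produces a plain `dir`-style listing of the drivers directory (the next post in the thread shows one), and the useful work is in reading it: which entries carry a suspicious name, which were modified after the OS build, and which show up in only one of the two enumerations in the "Hidden Drivers" section. The block below is an added example, not part of the thread and not SpiderKill's, OTL's or MBAM's own code: a small Python triage helper that parses that listing format and builds the review list an analyst otherwise assembles by eye. The H8SRT prefix comes from the Norton detection cbxlr8r reported earlier (e:\Users\John\AppData\Local\Temp\H8SRTe8d.TMP); the 07/13/2009 baseline is the Windows 7 build stamp on the listing; the sample listings inside the block and the H8SRTxyz.sys entry are constructed for the example.

```python
"""Triage helper for a SpiderKill-style driver listing.

Added example: not from this thread and not part of SpiderKill, OTL or MBAM.
It reads the `dir`-style lines SpiderKill prints for C:\\Windows\\System32\\Drivers
and builds the review list an analyst assembles by hand from such a log:

  * names carrying the H8SRT prefix Norton reported for the dropper earlier
    in the thread (e:\\Users\\John\\AppData\\Local\\Temp\\H8SRTe8d.TMP);
  * *.sys files modified after a baseline date the analyst picks (here the
    07/13/2009 build stamp that almost every line of the listing carries);
  * names that appear only in the "Hidden Drivers" section, i.e. seen by one
    enumeration but not the other, which is the cross-view check that section
    exists for.

The output is a list for review, not a verdict. The sample listings below are
constructed for the example; the H8SRTxyz.sys entry is invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# One entry as SpiderKill prints it: date, time, optional byte count, name.
# Directories have no size column in this format ("07/14/2009 12:56 AM en-US").
_ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2} [AP]M) (?:([\d,]+) )?(.+?)\s*$")

# Baseline: the Windows 7 RTM build stamp seen on the listing (07/13/2009);
# anything newer was installed or updated afterwards and deserves a look.
BASELINE = datetime(2009, 7, 14)

# Prefix Norton attached to the Tidserv dropper found in this thread.
SUSPECT_PREFIX = "H8SRT"


@dataclass(frozen=True)
class Entry:
    mtime: datetime
    size: int | None  # None for a directory entry
    name: str

    @property
    def is_file(self) -> bool:
        return self.size is not None


def parse_listing(text: str) -> list[Entry]:
    """Parse one `dir` section. Header lines ("Directory of ...", "Volume ..."),
    the "." / ".." entries and the "N File(s)" summaries are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = _ENTRY_RE.match(raw.strip())
        if not m:
            continue
        date, clock, size, name = m.groups()
        if name in (".", ".."):
            continue
        mtime = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %I:%M %p")
        entries.append(Entry(mtime, int(size.replace(",", "")) if size else None, name))
    return entries


def prefixed(entries: list[Entry], prefix: str = SUSPECT_PREFIX) -> list[Entry]:
    """Entries whose name starts with `prefix`; Windows names are case-insensitive."""
    p = prefix.lower()
    return [e for e in entries if e.name.lower().startswith(p)]


def modified_after(entries: list[Entry], baseline: datetime = BASELINE,
                   suffix: str = ".sys") -> list[Entry]:
    """Driver files newer than `baseline`, newest first. Vendor drivers and
    patched Microsoft files land here too, so this is a reading order, not a
    detection."""
    hits = [e for e in entries
            if e.is_file and e.name.lower().endswith(suffix) and e.mtime > baseline]
    return sorted(hits, key=lambda e: e.mtime, reverse=True)


def hidden_only(visible: list[Entry], hidden: list[Entry]) -> list[Entry]:
    """Names present in the 'Hidden Drivers' enumeration but absent from the
    normal one: a file only one enumerator can see is the classic sign of a
    filter or rootkit interposing on directory listing."""
    seen = {e.name.lower() for e in visible}
    return [e for e in hidden if e.name.lower() not in seen]


def triage(visible_text: str, hidden_text: str,
           baseline: datetime = BASELINE) -> dict[str, list[str]]:
    """Run the three checks and return the file names flagged by each."""
    visible = parse_listing(visible_text)
    hidden = parse_listing(hidden_text)
    return {
        "prefixed": list(dict.fromkeys(e.name for e in prefixed(visible + hidden))),
        "recent": [e.name for e in modified_after(visible, baseline)],
        "hidden_only": [e.name for e in hidden_only(visible, hidden)],
    }


# Constructed sample in SpiderKill's format (line shapes copied from the
# thread; the H8SRTxyz.sys entry is invented for the demonstration).
SAMPLE_VISIBLE = """\
Volume in drive C has no label.
Directory of C:\\Windows\\System32\\Drivers

04/22/2010 03:55 PM .
04/22/2010 03:55 PM ..
07/13/2009 07:51 PM 54,784 1394bus.sys
07/13/2009 09:26 PM 21,584 atapi.sys
07/14/2009 12:56 AM en-US
03/30/2010 12:45 AM 20,824 mbam.sys
01/14/2010 01:01 AM 124,976 SYMEVENT.SYS
07/13/2009 09:19 PM 1,285,712 tcpip.sys
5 File(s) 1,507,880 bytes
"""

SAMPLE_HIDDEN = """\
Directory of C:\\Windows\\System32\\Drivers

01/14/2010 01:53 AM 0 Msft_User_WpdFs_01_09_00.Wdf
04/21/2010 05:30 PM 23,040 H8SRTxyz.sys
2 File(s) 23,040 bytes
"""

if __name__ == "__main__":
    for check, names in triage(SAMPLE_VISIBLE, SAMPLE_HIDDEN).items():
        print(f"{check:12} {names}")
```

Run as a script it prints the three lists for the constructed sample. The date check only orders what to look at; legitimate vendor and patched Microsoft drivers land in it as well (mbam.sys and SYMEVENT.SYS in the sample, just as in the real listing). The cross-view check is the one that matters for a rootkit, since a driver that hides itself from the normal enumeration is exactly what Tidserv-class malware does; and because both listings are taken on the infected machine, an empty `hidden_only` result only means nothing was hidden from these two enumerators, which is why the helper reports for review rather than declaring the system clean.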



Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by cbxlr8r on Fri Apr 23, 2010 6:26 pm

Here is the export from SpiderKill.

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.1.7600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 40CE-63B3

Directory of C:\Windows\System32\Drivers

04/22/2010 03:55 PM .
04/22/2010 03:55 PM ..
07/13/2009 07:51 PM 54,784 1394bus.sys
07/13/2009 07:52 PM 163,328 1394ohci.sys
07/13/2009 09:26 PM 274,496 acpi.sys
07/13/2009 07:16 PM 9,728 acpipmi.sys
07/13/2009 09:26 PM 422,976 adp94xx.sys
07/13/2009 09:26 PM 297,552 adpahci.sys
07/13/2009 09:26 PM 146,512 adpu320.sys
07/13/2009 07:12 PM 338,944 afd.sys
07/13/2009 07:55 PM 49,152 agilevpn.sys
07/13/2009 09:26 PM 53,312 AGP440.sys
07/13/2009 09:26 PM 14,400 aliide.sys
07/13/2009 09:26 PM 53,312 AMDAGP.SYS
07/13/2009 09:26 PM 14,912 amdide.sys
07/13/2009 07:11 PM 55,296 amdk8.sys
07/13/2009 07:11 PM 52,736 amdppm.sys
07/13/2009 09:26 PM 79,952 amdsata.sys
07/13/2009 09:26 PM 159,312 amdsbs.sys
07/13/2009 09:26 PM 23,616 amdxata.sys
07/13/2009 07:36 PM 50,176 appid.sys
07/13/2009 09:26 PM 76,368 arc.sys
07/13/2009 09:26 PM 86,608 arcsas.sys
07/13/2009 07:54 PM 17,920 asyncmac.sys
07/13/2009 09:26 PM 21,584 atapi.sys
07/13/2009 09:26 PM 133,200 ataport.sys
07/13/2009 06:02 PM 229,888 b57nd60x.sys
07/13/2009 09:26 PM 25,168 battc.sys
07/13/2009 07:45 PM 6,144 beep.sys
07/13/2009 07:23 PM 35,328 blbdrive.sys
07/13/2009 07:14 PM 69,632 bowser.sys
07/13/2009 06:53 PM 13,568 BrFiltLo.sys
07/13/2009 06:53 PM 5,248 BrFiltUp.sys
07/13/2009 08:41 PM 78,336 bridge.sys
07/13/2009 08:57 PM 272,128 BrSerId.sys
07/13/2009 06:53 PM 62,336 BrSerWdm.sys
07/13/2009 06:53 PM 12,160 BrUsbMdm.sys
07/13/2009 06:53 PM 11,904 BrUsbSer.sys
07/13/2009 07:51 PM 56,320 bthmodem.sys
07/13/2009 06:02 PM 430,080 bxvbdx.sys
07/13/2009 07:11 PM 70,656 cdfs.sys
07/13/2009 07:11 PM 108,544 cdrom.sys
07/13/2009 07:51 PM 37,888 circlass.sys
07/13/2009 09:26 PM 140,864 Classpnp.sys
07/13/2009 07:19 PM 14,080 CmBatt.sys
07/13/2009 09:26 PM 15,952 cmdide.sys
07/13/2009 09:17 PM 369,568 cng.sys
07/13/2009 09:26 PM 19,024 compbatt.sys
07/13/2009 07:45 PM 31,232 CompositeBus.sys
07/13/2009 09:20 PM 35,408 crashdmp.sys
07/13/2009 09:20 PM 22,096 crcdisk.sys
07/13/2009 07:15 PM 387,584 csc.sys
07/13/2009 07:14 PM 78,336 dfsc.sys
07/13/2009 07:24 PM 32,256 discache.sys
07/13/2009 09:20 PM 57,424 disk.sys
07/13/2009 09:20 PM 26,688 Diskdump.sys
07/13/2009 09:20 PM 70,720 djsvs.sys
07/13/2009 08:41 PM 80,896 drmk.sys
07/13/2009 07:50 PM 5,120 drmkaud.sys
07/13/2009 09:20 PM 26,704 Dumpata.sys
07/13/2009 09:17 PM 55,584 dumpfve.sys
07/13/2009 07:25 PM 13,312 dxapi.sys
07/13/2009 07:25 PM 76,288 dxg.sys
10/02/2009 12:06 AM 728,648 dxgkrnl.sys
07/13/2009 07:25 PM 211,968 dxgmms1.sys
07/13/2009 09:20 PM 453,712 elxstor.sys
07/14/2009 12:56 AM en-US
07/13/2009 07:19 PM 7,168 errdev.sys
07/13/2009 10:37 PM etc
07/13/2009 06:02 PM 3,100,160 evbdx.sys
07/13/2009 07:14 PM 142,336 exfat.sys
07/13/2009 07:14 PM 148,480 fastfat.sys
07/13/2009 07:45 PM 25,088 fdc.sys
07/13/2009 09:20 PM 58,448 fileinfo.sys
07/13/2009 07:15 PM 28,160 filetrace.sys
07/13/2009 07:45 PM 19,968 flpydisk.sys
07/13/2009 09:20 PM 198,208 fltMgr.sys
07/13/2009 09:20 PM 46,160 fsdepends.sys
07/13/2009 09:20 PM 19,536 fs_rec.sys
07/13/2009 09:17 PM 194,488 fvevol.sys
07/13/2009 09:20 PM 187,472 FWPKCLNT.SYS
07/13/2009 09:20 PM 57,936 GAGP30KX.SYS
01/14/2010 01:00 AM 26,600 GEARAspiWDM.sys
06/10/2009 05:14 PM 3,440,660 gm.dls
06/10/2009 05:14 PM 646 gmreadme.txt
07/13/2009 06:54 PM 26,624 hcw85cir.sys
07/13/2009 07:50 PM 108,544 hdaudbus.sys
07/13/2009 07:51 PM 304,128 HdAudio.sys
07/13/2009 07:19 PM 21,504 hidbatt.sys
07/13/2009 07:51 PM 91,136 hidbth.sys
07/13/2009 07:51 PM 55,808 hidclass.sys
07/13/2009 07:51 PM 37,888 hidir.sys
07/13/2009 07:51 PM 25,728 hidparse.sys
07/13/2009 07:51 PM 24,064 hidusb.sys
07/13/2009 09:20 PM 67,152 HpSAMD.sys
07/13/2009 07:12 PM 513,024 http.sys
07/13/2009 09:20 PM 13,904 hwpolicy.sys
07/13/2009 07:11 PM 80,896 i8042prt.sys
07/13/2009 09:20 PM 332,352 iaStorV.sys
07/13/2009 09:20 PM 41,040 iirsp.sys
10/07/2009 02:23 AM 13,584 iKeyLFT2.dll
07/13/2009 09:20 PM 15,424 intelide.sys
07/13/2009 07:11 PM 53,760 intelppm.sys
07/13/2009 07:54 PM 58,880 ipfltdrv.sys
07/13/2009 07:30 PM 65,536 IPMIDrv.sys
07/13/2009 07:54 PM 101,888 ipnat.sys
07/13/2009 07:53 PM 96,768 irda.sys
07/13/2009 07:53 PM 13,824 irenum.sys
07/13/2009 09:20 PM 46,656 isapnp.sys
07/13/2009 09:20 PM 42,576 kbdclass.sys
07/13/2009 07:45 PM 28,160 kbdhid.sys
07/13/2009 07:45 PM 190,976 ks.sys
07/13/2009 09:20 PM 67,664 ksecdd.sys
07/13/2009 09:20 PM 133,200 ksecpkg.sys
07/13/2009 07:53 PM 48,128 lltdio.sys
07/13/2009 09:20 PM 95,824 lsi_fc.sys
07/13/2009 09:20 PM 89,168 lsi_sas.sys
07/13/2009 09:20 PM 54,864 lsi_sas2.sys
07/13/2009 09:20 PM 96,848 lsi_scsi.sys
07/13/2009 07:15 PM 86,528 luafv.sys
10/07/2009 09:25 AM 266,828 LVAFT.cfg
04/27/2004 12:31 AM 474,304 lvcd.sys
10/07/2009 02:25 AM 69,592 LVFaL100.cfg
10/07/2009 02:25 AM 227,172 LVFeL100.cfg
10/07/2009 02:25 AM 146,680 LVFeL101.cfg
10/07/2009 02:25 AM 85,302 LVFeL102.cfg
10/07/2009 09:46 AM 114,712 lvpopflt.sys
10/07/2009 02:46 AM 25,752 LVPr2Mon.sys
10/07/2009 09:47 AM 266,008 lvrs.sys
04/27/2004 12:28 AM 12,112 LVUSBSta.sys
03/22/2010 08:23 AM 0 lvuvc.hs
10/07/2009 09:49 AM 6,756,632 lvuvc.sys
03/30/2010 12:45 AM 20,824 mbam.sys
03/30/2010 12:46 AM 38,224 mbamswissarmy.sys
07/13/2009 07:45 PM 18,432 mcd.sys
07/13/2009 09:20 PM 30,800 megasas.sys
07/13/2009 09:20 PM 235,584 MegaSR.sys
07/13/2009 07:55 PM 31,744 modem.sys
07/13/2009 07:25 PM 23,552 monitor.sys
07/13/2009 09:20 PM 41,552 mouclass.sys
07/13/2009 07:45 PM 26,112 mouhid.sys
07/13/2009 09:20 PM 78,416 mountmgr.sys
07/13/2009 09:20 PM 130,624 mpio.sys
07/13/2009 07:52 PM 60,416 mpsdrv.sys
07/13/2009 07:14 PM 115,712 mrxdav.sys
02/27/2010 03:32 AM 123,392 mrxsmb.sys
02/27/2010 03:32 AM 221,696 mrxsmb10.sys
02/27/2010 03:32 AM 95,744 mrxsmb20.sys
07/13/2009 09:20 PM 27,712 msahci.sys
07/13/2009 09:20 PM 115,792 msdsm.sys
07/13/2009 07:11 PM 22,528 msfs.sys
06/10/2009 05:27 PM 3 MsftWdf_Kernel_01009_Inbox_Critical.Wdf
07/13/2009 07:51 PM 4,096 mshidkmdf.sys
07/13/2009 09:20 PM 13,888 msisadrv.sys
07/13/2009 09:20 PM 186,960 msiscsi.sys
07/13/2009 07:45 PM 8,320 mskssrv.sys
07/13/2009 07:45 PM 5,888 mspclock.sys
07/13/2009 07:45 PM 5,504 mspqm.sys
07/13/2009 09:20 PM 162,896 msrpc.sys
07/13/2009 09:20 PM 28,240 mssmbios.sys
07/13/2009 07:45 PM 6,144 mstee.sys
07/13/2009 07:46 PM 12,288 MTConfig.sys
07/13/2009 09:20 PM 49,728 mup.sys
02/05/2010 04:44 PM N360
07/13/2009 09:20 PM 710,720 ndis.sys
07/13/2009 07:52 PM 27,136 ndiscap.sys
07/13/2009 07:54 PM 20,992 ndistapi.sys
07/13/2009 07:53 PM 45,568 ndisuio.sys
07/13/2009 07:54 PM 118,784 ndiswan.sys
07/13/2009 07:54 PM 48,128 ndproxy.sys
07/13/2009 07:53 PM 36,352 netbios.sys
07/13/2009 07:12 PM 187,904 netbt.sys
07/13/2009 09:20 PM 240,208 netio.sys
07/29/2009 10:18 AM 553,472 netr73.sys
07/13/2009 09:20 PM 44,624 nfrd960.sys
07/13/2009 07:11 PM 35,328 npfs.sys
07/13/2009 07:12 PM 16,896 nsiproxy.sys
07/13/2009 09:20 PM 1,210,432 ntfs.sys
07/13/2009 07:11 PM 4,608 null.sys
09/28/2009 12:12 AM 10,984 nvBridge.kmd
09/28/2009 12:12 AM 9,509,832 nvlddmkm.sys
07/13/2009 09:20 PM 117,312 nvraid.sys
10/26/2007 07:51 PM 131,616 nvrd32.sys
07/13/2009 09:20 PM 142,416 nvstor.sys
10/26/2007 07:51 PM 110,624 nvstor32.sys
07/13/2009 09:20 PM 105,024 NV_AGP.SYS
07/13/2009 07:52 PM 267,264 nwifi.sys
07/13/2009 07:51 PM 62,464 ohci1394.sys
07/13/2009 07:53 PM 104,448 pacer.sys
07/13/2009 07:45 PM 79,360 parport.sys
07/13/2009 09:20 PM 56,912 partmgr.sys
07/13/2009 07:45 PM 8,704 parvdm.sys
07/13/2009 09:20 PM 153,680 pci.sys
07/13/2009 09:20 PM 12,368 pciide.sys
07/13/2009 09:19 PM 42,560 pciidex.sys
07/13/2009 09:19 PM 180,288 pcmcia.sys
07/13/2009 09:19 PM 43,088 pcw.sys
07/13/2009 08:41 PM 586,752 PEAuth.sys
07/13/2009 07:51 PM 177,152 portcls.sys
07/13/2009 07:11 PM 52,224 processr.sys
07/13/2009 09:19 PM 1,383,488 ql2300.sys
07/13/2009 09:19 PM 106,064 ql40xx.sys
07/13/2009 07:54 PM 31,744 qwavedrv.sys
07/13/2009 07:54 PM 11,776 rasacd.sys
07/13/2009 07:54 PM 78,848 rasl2tp.sys
07/13/2009 07:54 PM 77,824 raspppoe.sys
07/13/2009 07:54 PM 73,728 raspptp.sys
07/13/2009 07:54 PM 75,264 rassstp.sys
07/13/2009 07:14 PM 241,664 rdbss.sys
07/13/2009 08:02 PM 18,944 rdpbus.sys
07/13/2009 08:01 PM 6,656 RDPCDD.sys
07/13/2009 08:02 PM 133,120 rdpdr.sys
07/13/2009 08:01 PM 6,656 RDPENCDD.sys
07/13/2009 08:01 PM 7,168 RDPREFMP.sys
07/13/2009 08:01 PM 177,152 rdpwd.sys
07/13/2009 09:19 PM 173,648 rdyboost.sys
07/13/2009 07:53 PM 117,248 rmcast.sys
07/13/2009 07:54 PM 33,280 RNDISMP.sys
07/13/2009 07:55 PM 8,192 rootmdm.sys
07/13/2009 07:53 PM 60,928 rspndr.sys
08/04/2009 10:48 AM 2,744,800 RTKVHDA.sys
07/13/2009 09:19 PM 85,568 sbp2port.sys
07/13/2009 07:33 PM 26,624 scfilter.sys
07/13/2009 09:19 PM 140,368 scsiport.sys
07/13/2009 04:50 PM 20,480 secdrv.sys
07/13/2009 07:45 PM 17,920 serenum.sys
07/13/2009 07:45 PM 83,456 serial.sys
07/13/2009 07:45 PM 19,968 sermouse.sys
07/13/2009 08:14 PM 9,216 serscan.sys
07/13/2009 07:45 PM 11,264 sffdisk.sys
07/13/2009 07:45 PM 12,288 sffp_mmc.sys
07/13/2009 07:45 PM 12,800 sffp_sd.sys
07/13/2009 07:45 PM 13,824 sfloppy.sys
07/13/2009 09:19 PM 52,304 SISAGP.SYS
07/13/2009 09:19 PM 40,016 sisraid2.sys
07/13/2009 09:19 PM 77,888 sisraid4.sys
07/13/2009 07:53 PM 71,168 smb.sys
07/13/2009 07:45 PM 17,408 smclib.sys
07/13/2009 09:19 PM 17,472 spldr.sys
07/13/2009 04:34 PM 405,504 spsys.sys
12/08/2009 04:05 AM 310,784 srv.sys
07/13/2009 07:14 PM 306,688 srv2.sys
12/08/2009 04:05 AM 113,664 srvnet.sys
07/13/2009 09:19 PM 21,072 stexstor.sys
07/13/2009 09:19 PM 144,960 storport.sys
07/13/2009 09:19 PM 28,224 storvsc.sys
07/13/2009 07:50 PM 53,632 stream.sys
07/13/2009 09:19 PM 12,240 swenum.sys
01/14/2010 01:01 AM 7,456 SYMEVENT.CAT
01/14/2010 01:01 AM 806 SYMEVENT.INF
01/14/2010 01:01 AM 124,976 SYMEVENT.SYS
08/22/2009 04:13 AM 25,648 SymIMV.sys
07/13/2009 07:45 PM 24,576 tape.sys
07/13/2009 09:19 PM 1,285,712 tcpip.sys
07/13/2009 07:54 PM 34,816 tcpipreg.sys
07/13/2009 07:12 PM 20,992 tdi.sys
07/13/2009 08:01 PM 17,920 tdpipe.sys
07/13/2009 08:01 PM 24,064 tdtcp.sys
07/13/2009 07:12 PM 74,240 tdx.sys
07/13/2009 09:19 PM 51,776 termdd.sys
07/13/2009 08:01 PM 30,208 tssecsrv.sys
07/13/2009 07:54 PM 108,544 tunnel.sys
07/13/2009 09:19 PM 55,888 UAGP35.SYS
07/13/2009 07:14 PM 246,784 udfs.sys
07/13/2009 09:19 PM 57,424 ULIAGPKX.SYS
07/13/2009 07:51 PM 39,936 umbus.sys
01/14/2010 01:53 AM UMDF
07/13/2009 07:51 PM 8,192 umpass.sys
07/13/2009 07:54 PM 15,872 usb8023.sys
08/28/2009 08:42 PM 40,448 usbaapl.sys
07/13/2009 07:51 PM 80,640 USBAUDIO.sys
07/13/2009 07:51 PM 25,856 USBCAMD.sys
07/13/2009 07:51 PM 25,856 USBCAMD2.sys
07/13/2009 07:51 PM 75,264 usbccgp.sys
07/13/2009 07:51 PM 86,016 usbcir.sys
07/13/2009 07:51 PM 5,888 usbd.sys
10/23/2009 11:58 PM 41,984 usbehci.sys
10/24/2009 12:00 AM 258,560 usbhub.sys
07/13/2009 07:51 PM 20,480 usbohci.sys
07/13/2009 07:51 PM 284,160 usbport.sys
07/13/2009 08:17 PM 19,968 usbprint.sys
07/13/2009 08:14 PM 26,112 usbrpm.sys
07/13/2009 07:51 PM 74,752 USBSTOR.SYS
07/13/2009 07:51 PM 24,064 usbuhci.sys
07/13/2009 09:19 PM 32,832 vdrvroot.sys
07/13/2009 07:25 PM 25,088 vga.sys
07/13/2009 07:25 PM 26,112 vgapnp.sys
07/13/2009 09:19 PM 159,824 vhdmp.sys
07/13/2009 09:19 PM 53,328 VIAAGP.SYS
07/13/2009 07:11 PM 52,736 viac7.sys
07/13/2009 09:19 PM 16,976 viaide.sys
07/13/2009 07:25 PM 111,616 videoprt.sys
07/13/2009 09:19 PM 175,824 vmbus.sys
07/13/2009 07:28 PM 17,920 VMBusHID.sys
07/13/2009 07:28 PM 5,632 vms3cap.sys
07/13/2009 09:19 PM 40,896 vmstorfl.sys
07/13/2009 09:19 PM 53,312 volmgr.sys
07/13/2009 09:19 PM 297,040 volmgrx.sys
07/13/2009 09:19 PM 245,328 volsnap.sys
07/13/2009 09:19 PM 141,904 vsmraid.sys
07/13/2009 07:52 PM 19,968 vwifibus.sys
07/13/2009 07:52 PM 48,128 vwififlt.sys
07/13/2009 07:52 PM 14,336 vwifimp.sys
07/13/2009 07:46 PM 21,632 wacompen.sys
07/13/2009 07:55 PM 63,488 wanarp.sys
07/13/2009 07:24 PM 35,328 watchdog.sys
07/13/2009 09:19 PM 19,024 wd.sys
07/13/2009 09:19 PM 445,008 Wdf01000.sys
07/13/2009 09:19 PM 38,480 WdfLdr.sys
07/13/2009 07:53 PM 9,728 wfplwf.sys
07/13/2009 09:19 PM 19,008 wimmount.sys
07/13/2009 09:20 PM 43,600 winhv.sys
07/13/2009 07:19 PM 11,264 wmiacpi.sys
07/13/2009 09:19 PM 14,912 wmilib.sys
07/13/2009 07:55 PM 16,384 ws2ifsl.sys
07/13/2009 07:50 PM 92,672 WUDFPf.sys
07/13/2009 07:50 PM 132,224 WUDFRd.sys
311 File(s) 57,161,081 bytes

Directory of C:\Windows\System32\Drivers\en-US

07/14/2009 12:56 AM .
07/14/2009 12:56 AM ..
07/13/2009 10:09 PM 11,776 1394ohci.sys.mui
07/13/2009 10:06 PM 9,216 acpi.sys.mui
07/13/2009 10:08 PM 14,848 afd.sys.mui
07/13/2009 10:07 PM 2,560 AGP440.sys.mui
07/13/2009 10:03 PM 2,560 AMDAGP.SYS.mui
07/13/2009 10:07 PM 2,048 amdide.sys.mui
07/13/2009 10:07 PM 14,336 amdk8.sys.mui
07/13/2009 10:07 PM 14,336 amdppm.sys.mui
07/13/2009 10:06 PM 3,072 ataport.sys.mui
07/13/2009 10:05 PM 3,072 atikmdag.sys.mui
07/13/2009 10:04 PM 9,728 b57nd60x.sys.mui
07/13/2009 10:04 PM 7,168 battc.sys.mui
07/13/2009 10:08 PM 5,120 bcm4sbxp.sys.mui
07/13/2009 10:09 PM 25,600 bfe.dll.mui
07/13/2009 10:02 PM 2,560 BrParwdm.sys.mui
07/13/2009 10:04 PM 10,240 BrSerIb.sys.mui
07/13/2009 10:09 PM 10,240 BrSerId.sys.mui
07/13/2009 10:09 PM 2,048 bthenum.sys.mui
07/13/2009 10:02 PM 4,608 bthpan.sys.mui
07/13/2009 10:07 PM 7,680 bthport.sys.mui
07/13/2009 10:09 PM 2,560 BTHUSB.SYS.mui
07/13/2009 10:06 PM 2,048 cdrom.sys.mui
07/13/2009 10:08 PM 2,048 disk.sys.mui
07/13/2009 10:06 PM 2,560 Dot4usb.sys.mui
07/13/2009 10:03 PM 5,120 e100b325.sys.mui
07/13/2009 10:06 PM 19,968 e1e6032.sys.mui
07/13/2009 10:09 PM 16,896 E1G60I32.sys.mui
07/13/2009 10:02 PM 10,240 e1k6032.sys.mui
07/13/2009 10:09 PM 10,752 e1q6032.sys.mui
07/13/2009 10:08 PM 19,968 e1y6032.sys.mui
07/13/2009 10:03 PM 5,120 fltmgr.sys.mui
07/13/2009 10:04 PM 14,336 fvevol.sys.mui
07/13/2009 10:04 PM 2,560 GAGP30KX.SYS.mui
07/13/2009 10:07 PM 3,072 getn62.sys.mui
07/13/2009 10:06 PM 4,096 hdaudbus.sys.mui
07/13/2009 10:09 PM 3,072 HdAudio.sys.mui
07/13/2009 10:07 PM 3,072 hidbth.sys.mui
07/13/2009 10:07 PM 32,256 http.sys.mui
07/13/2009 10:04 PM 10,240 i8042prt.sys.mui
07/13/2009 10:05 PM 14,336 intelppm.sys.mui
07/13/2009 10:07 PM 5,632 IPMIDrv.sys.mui
07/13/2009 10:03 PM 3,584 ipnat.sys.mui
07/13/2009 10:05 PM 3,584 isapnp.sys.mui
07/13/2009 10:10 PM 9,728 k57nd60x.sys.mui
07/13/2009 10:04 PM 4,096 kbdclass.sys.mui
07/13/2009 10:09 PM 2,560 kbdhid.sys.mui
07/13/2009 10:07 PM 9,728 ltmdmnt.sys.mui
07/13/2009 10:08 PM 6,144 luafv.sys.mui
07/13/2009 10:06 PM 3,584 modem.sys.mui
07/13/2009 10:08 PM 4,096 mouclass.sys.mui
07/13/2009 10:06 PM 2,560 mouhid.sys.mui
07/13/2009 10:07 PM 2,560 mountmgr.sys.mui
07/13/2009 10:07 PM 26,624 mpio.sys.mui
07/13/2009 10:10 PM 5,632 msdsm.sys.mui
07/13/2009 10:01 PM 3,072 mssmbios.sys.mui
07/13/2009 10:04 PM 2,560 MTConfig.sys.mui
07/13/2009 10:01 PM 35,328 ndis.sys.mui
07/13/2009 10:09 PM 5,632 ndiscap.sys.mui
07/13/2009 10:01 PM 3,072 ndisuio.sys.mui
07/13/2009 10:08 PM 59,904 ntfs.sys.mui
07/13/2009 10:02 PM 2,560 NV_AGP.SYS.mui
07/13/2009 10:06 PM 13,824 nwifi.sys.mui
07/13/2009 10:09 PM 11,776 ohci1394.sys.mui
07/13/2009 10:07 PM 15,360 pacer.sys.mui
07/13/2009 10:01 PM 3,584 parport.sys.mui
07/13/2009 10:08 PM 2,560 partmgr.sys.mui
07/13/2009 10:04 PM 2,560 parvdm.sys.mui
07/13/2009 10:04 PM 8,192 pci.sys.mui
07/13/2009 10:02 PM 4,096 pcmcia.sys.mui
07/13/2009 10:04 PM 2,560 pnpmem.sys.mui
07/13/2009 10:02 PM 3,584 portcls.sys.mui
07/13/2009 10:02 PM 14,336 processr.sys.mui
07/13/2009 10:03 PM 3,584 pscr.sys.mui
07/13/2009 10:04 PM 2,560 qwavedrv.sys.mui
07/13/2009 10:02 PM 4,608 rdbss.sys.mui
07/13/2009 10:07 PM 3,072 RNDISMP.sys.mui
07/13/2009 10:02 PM 3,072 rndismp6.sys.mui
07/13/2009 10:07 PM 3,072 rndismpx.sys.mui
07/13/2009 10:05 PM 2,560 scfilter.sys.mui
07/13/2009 10:04 PM 3,072 scsiport.sys.mui
07/13/2009 10:09 PM 10,240 serial.sys.mui
07/13/2009 10:04 PM 5,120 sermouse.sys.mui
07/13/2009 10:08 PM 2,560 serscan.sys.mui
07/13/2009 10:08 PM 2,560 SISAGP.SYS.mui
07/13/2009 10:08 PM 2,560 srv.sys.mui
07/13/2009 10:08 PM 44,032 tcpip.sys.mui
07/13/2009 10:06 PM 4,096 tpm.sys.mui
07/13/2009 10:03 PM 7,680 tunnel.sys.mui
07/13/2009 10:04 PM 2,560 UAGP35.SYS.mui
07/13/2009 10:04 PM 2,560 ULIAGPKX.SYS.mui
07/13/2009 10:07 PM 3,072 umbus.sys.mui
07/13/2009 10:04 PM 11,776 usbhub.sys.mui
07/13/2009 10:02 PM 24,576 usbport.sys.mui
07/13/2009 10:03 PM 2,048 usbrpm.sys.mui
07/13/2009 10:02 PM 3,584 vdrvroot.sys.mui
07/13/2009 10:05 PM 3,584 vhdmp.sys.mui
07/13/2009 10:07 PM 2,560 VIAAGP.SYS.mui
07/13/2009 10:09 PM 14,336 viac7.sys.mui
07/13/2009 10:09 PM 2,560 volmgrx.sys.mui
07/13/2009 10:03 PM 23,552 volsnap.sys.mui
07/13/2009 10:06 PM 2,048 vwifibus.sys.mui
07/13/2009 10:10 PM 4,096 wacompen.sys.mui
07/13/2009 10:09 PM 2,048 wd.sys.mui
07/13/2009 10:07 PM 2,560 wdf01000.sys.mui
07/13/2009 10:04 PM 2,048 ws2ifsl.sys.mui
07/13/2009 10:03 PM 32,256 yk62x86.sys.mui
106 File(s) 878,080 bytes

Directory of C:\Windows\System32\Drivers\etc

07/13/2009 10:37 PM .
07/13/2009 10:37 PM ..
06/10/2009 05:39 PM 824 hosts
06/10/2009 05:39 PM 3,683 lmhosts.sam
06/10/2009 05:39 PM 407 networks
06/10/2009 05:39 PM 1,358 protocol
06/10/2009 05:39 PM 17,463 services
5 File(s) 23,735 bytes

Directory of C:\Windows\System32\Drivers\N360

02/05/2010 04:44 PM .
02/05/2010 04:44 PM ..
02/04/2010 11:18 PM 0308000.029
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\N360\0308000.029

02/04/2010 11:18 PM .
02/04/2010 11:18 PM ..
08/22/2009 04:14 AM 7,400 BHDrvx86.CAT
08/22/2009 04:14 AM 640 BHDrvx86.inf
08/22/2009 04:14 AM 259,632 BHDrvx86.sys
04/23/2010 11:59 AM 934,396 Cat.DB
08/22/2009 04:14 AM 7,383 ccHPx86.cat
08/22/2009 04:14 AM 1,752 ccHPx86.inf
08/22/2009 04:14 AM 482,432 cchpx86.sys
02/03/2010 06:01 PM 172 isolate.ini
08/22/2009 04:14 AM 7,425 srtsp.cat
08/22/2009 04:14 AM 1,382 srtsp.inf
08/22/2009 04:14 AM 308,272 srtsp.sys
08/22/2009 04:14 AM 7,429 srtspx.cat
08/22/2009 04:14 AM 1,388 srtspx.inf
08/22/2009 04:14 AM 43,696 srtspx.sys
08/22/2009 04:14 AM 7,431 SymEFA.cat
08/22/2009 04:14 AM 3,373 SymEFA.inf
08/22/2009 04:14 AM 310,320 SymEFA.sys
08/22/2009 04:14 AM 89,904 symfw.sys
08/22/2009 04:14 AM 33,072 symids.sys
08/22/2009 04:14 AM 36,400 symndis.sys
08/22/2009 04:14 AM 48,688 symndisv.sys
08/22/2009 04:14 AM 9,402 SymNet.cat
08/22/2009 04:14 AM 1,561 SymNet.inf
01/14/2010 01:00 AM 9,412 symnetv.cat
01/14/2010 01:00 AM 1,562 SymNetV.inf
08/22/2009 04:14 AM 217,136 symtdi.sys
26 File(s) 2,831,660 bytes

Directory of C:\Windows\System32\Drivers\UMDF

01/14/2010 01:53 AM .
01/14/2010 01:53 AM ..
07/14/2009 12:56 AM en-US
07/13/2009 09:16 PM 226,816 WpdFs.dll
1 File(s) 226,816 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

07/14/2009 12:56 AM .
07/14/2009 12:56 AM ..
07/13/2009 10:04 PM 2,560 WpdMtpDr.dll.mui
07/13/2009 10:09 PM 6,144 WUDFUsbccidDriver.dll.mui
2 File(s) 8,704 bytes

Total Files Listed:
451 File(s) 61,130,076 bytes
20 Dir(s) 970,125,484,032 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 40CE-63B3

Directory of C:\Windows\System32\Drivers

01/14/2010 01:53 AM 0 Msft_User_WpdFs_01_09_00.Wdf
1 File(s) 0 bytes
0 Dir(s) 970,125,488,128 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 288 Normal C:\Windows\System32\smss.exe
csrss.exe 432 Normal C:\Windows\system32\csrss.exe
wininit.exe 500 High C:\Windows\system32\wininit.exe
csrss.exe 516 Normal C:\Windows\system32\csrss.exe
services.exe 560 Normal C:\Windows\system32\services.exe
lsass.exe 576 Normal C:\Windows\system32\lsass.exe
lsm.exe 584 Normal C:\Windows\system32\lsm.exe
winlogon.exe 640 High C:\Windows\system32\winlogon.exe
svchost.exe 720 Normal C:\Windows\system32\svchost.exe
nvvsvc.exe 784 Normal C:\Windows\system32\nvvsvc.exe
svchost.exe 828 Normal C:\Windows\system32\svchost.exe
svchost.exe 876 Normal C:\Windows\System32\svchost.exe
svchost.exe 976 Normal C:\Windows\System32\svchost.exe
svchost.exe 1012 Normal C:\Windows\system32\svchost.exe
svchost.exe 1164 Normal C:\Windows\system32\svchost.exe
nvvsvc.exe 1240 Normal C:\Windows\system32\nvvsvc.exe
svchost.exe 1348 Normal C:\Windows\system32\svchost.exe
spoolsv.exe 1532 Normal C:\Windows\System32\spoolsv.exe
svchost.exe 1568 Normal C:\Windows\system32\svchost.exe
svchost.exe 1632 Normal C:\Windows\System32\svchost.exe
AppleMobileDeviceService.exe 1660 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 1696 Normal C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe 1768 Normal C:\Windows\system32\svchost.exe
LVPrcSrv.exe 1808 Normal C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
ccSvcHst.exe 1864 Normal C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
svchost.exe 1952 Normal C:\Windows\System32\svchost.exe
svchost.exe 2020 Normal C:\Windows\System32\svchost.exe
svchost.exe 308 Normal C:\Windows\system32\svchost.exe
SearchIndexer.exe 2448 Normal C:\Windows\system32\SearchIndexer.exe
svchost.exe 2584 Below Normal C:\Windows\system32\svchost.exe
svchost.exe 2656 Normal C:\Windows\system32\svchost.exe
WUDFHost.exe 2700 Normal C:\Windows\system32\WUDFHost.exe
svchost.exe 2824 Normal C:\Windows\system32\svchost.exe
taskhost.exe 3128 Normal C:\Windows\system32\taskhost.exe
ccSvcHst.exe 3220 Normal C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
Dwm.exe 3280 High C:\Windows\system32\Dwm.exe
Explorer.EXE 3344 Normal C:\Windows\Explorer.EXE
HpqSRmon.exe 3848 Normal C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
jusched.exe 3988 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
GoogleToolbarNotifier.exe 4016 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
wmpnetwk.exe 2440 Normal C:\Program Files\Windows Media Player\wmpnetwk.exe
svchost.exe 3480 Normal C:\Windows\System32\svchost.exe
taskhost.exe 708 Below Normal C:\Windows\system32\taskhost.exe
svchost.exe 4004 Below Normal C:\Windows\system32\svchost.exe
hpswp_clipbook.exe 276 Normal C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
iexplore.exe 2468 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 5524 Normal C:\Program Files\Internet Explorer\iexplore.exe
SearchProtocolHost.exe 4584 Idle C:\Windows\system32\SearchProtocolHost.exe
SearchFilterHost.exe 3688 Idle C:\Windows\system32\SearchFilterHost.exe
cmd.exe 5108 Normal C:\Windows\system32\cmd.exe
conhost.exe 3540 Normal C:\Windows\system32\conhost.exe
processes.exe 6076 Normal C:\Users\John\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(3344)



******************************************
EOF

cbxlr8r
Novice
Posts : 6
Joined : 2010-04-21
OS : Windows7

Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by Belahzur on Fri Apr 23, 2010 10:21 pm

Hello.

Looks like you got lucky.

e:\Users\John\AppData\Local\Temp\H8SRTe8d.TMP <-- is a rootkit file, but the main rootkit driver doesn't seem present here, so you cut it close, but no infection here.

Okay, next:

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight Java(TM) 6 Update 18
  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.6 you currently have installed, so you won't lose any bookmarked websites.

To remove all of the tools we used and the files and folders they created, do the following:
Double-click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by cbxlr8r on Sat Apr 24, 2010 1:14 am

It seems to be running fine.

I again ran a full scan this afternoon and Norton found nothing. While that really does not mean anything...it is the program that found the rootkit initially.

I thank you very much for your assistance. There seems to be a plethora of knowledge and experience here and it is much appreciated. Thank You!


Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by Belahzur on Sat Apr 24, 2010 5:23 pm

Norton only found a file related to the rootkit, the actual rootkit driver isn't present so this looks good.



Re: backdoorTidserv!inf - Please - Need help removing on Windows7 Machine

Post by cbxlr8r on Sat Apr 24, 2010 11:10 pm

Thank you very much.
