Trojan - FAKEAV


Trojan - FAKEAV

Post by doveney on Sun 11 Jul 2010, 1:17 pm

Running Windows 7 on an Acer aspire 5536.

Getting constant pop-ups stating that wuauclt.exe is infected. Have run Norton 360 but cannot find the problem.


doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7


Re: Trojan - FAKEAV

Post by Sneakyone on Sun 11 Jul 2010, 1:27 pm

Hi, Welcome to GeekPolice.net!

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: this tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

====

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Trojan - FAKEAV

Post by doveney on Sun 11 Jul 2010, 5:34 pm

Thanks Sneakyone.

Unfortunately I cannot use the internet at all without getting a message that googletoolbaruser_32 is infected. I have tried to bypass the proxy server; however, I am unable to apply the change of settings.

I am using another laptop and have copied the RKill files to a memory stick, but I am unable to launch them: every time they start up, I get a message that RKill is infected and nothing happens. I tried to check Task Manager to see if it is running in the background; however, a message pops up that taskmanager.exe is infected.

Help

doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7


Re: Trojan - FAKEAV

Post by Sneakyone on Sun 11 Jul 2010, 5:49 pm

Hi,

Have you tried all the different filetypes?

If not, please try the others until one works.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Trojan - FAKEAV

Post by doveney on Sun 11 Jul 2010, 6:10 pm

Tried them all. The messages I am getting are that they are all infected, or that conhost.exe is infected, or "The application was unable to start correctly (0xc0000142). Click OK to close the application" (nircmdc.rkexe).

doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7


Re: Trojan - FAKEAV

Post by Sneakyone on Mon 12 Jul 2010, 4:35 am

Hi,

Please try each of these until they work:

1. [You must be registered and logged in to see this link.]

2. [You must be registered and logged in to see this link.]

3. [You must be registered and logged in to see this link.]

4. [You must be registered and logged in to see this link.]

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Trojan - FAKEAV

Post by doveney on Tue 13 Jul 2010, 3:55 am

Sneaky, I have turned on the laptop and Norton has picked it up and quarantined it, and everything appears to be working, including pop-ups. Do you think I should still run SuperRKill? Sorry, I'm not tech-savvy whatsoever, so I'm still needing your guidance.



doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7


Re: Trojan - FAKEAV

Post by Sneakyone on Tue 13 Jul 2010, 4:01 am

Hi,

I imagine the infection is still there. Try running OTL, then post the log here in multiple posts.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Trojan - FAKEAV

Post by doveney on Tue 13 Jul 2010, 4:38 am

OTL logfile created on: 12/07/2010 18:17:32 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Scott\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.99 Gb Total Space | 274.31 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive D: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT-PC
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/12 18:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2010/01/27 01:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/11/10 11:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 21:05:34 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/08/28 21:05:32 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/08/28 21:05:30 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/08/27 05:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/08/22 14:45:57 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/22 09:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/06 10:47:26 | 007,600,672 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/06/12 13:34:16 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/06/02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 14:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/04/27 14:30:54 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2009/04/27 14:30:52 | 000,434,856 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/03/30 11:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/10/27 12:05:24 | 000,346,672 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008/10/21 10:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 10:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/06/11 11:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe


========== Modules (SafeList) ==========

MOD - [2010/07/12 18:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
MOD - [2009/08/28 21:05:50 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\SysHook.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/12 06:56:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/08/28 21:05:32 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/08/22 09:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/01/16 19:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/10/21 10:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2007/06/11 11:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100709.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100712.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 09:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100712.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/26 03:17:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/22 09:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 09:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 09:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 09:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 09:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 09:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 09:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 09:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 09:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/06 10:12:50 | 002,657,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/24 11:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/26 04:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2009/03/26 00:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/02/09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/07 02:32:22 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/01/16 19:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/05 07:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/16 01:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/10/16 01:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/10/16 01:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/31 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/28 01:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/24 22:14:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} [You must be registered and logged in to see this link.] (CPlayFirstFashionDasControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} [You must be registered and logged in to see this link.] (Pool Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} [You must be registered and logged in to see this link.] (Jeopardy Control)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} [You must be registered and logged in to see this link.] (ZPA_WheelOfFortune Object)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} [You must be registered and logged in to see this link.] (MSN Games Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} [You must be registered and logged in to see this link.] (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} [You must be registered and logged in to see this link.] (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} [You must be registered and logged in to see this link.] (TikGames Online Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} [You must be registered and logged in to see this link.] (MSN Games Backgammon)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/05 08:54:06 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2e675ca1-22fd-11df-aa1e-001f16a27e05}\Shell - "" = AutoRun
O33 - MountPoints2\{2e675ca1-22fd-11df-aa1e-001f16a27e05}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
MsConfig - StartUpReg: EverioService - hkey= - key= - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: lxdiamon - hkey= - key= - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
MsConfig - StartUpReg: lxdimon.exe - hkey= - key= - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

doveney


Re: Trojan - FAKEAV

Post by doveney on Tue 13 Jul 2010, 4:39 am

Part 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 18:09:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/07/11 03:45:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/11 03:45:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/11 03:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/11 03:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/11 03:08:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/11 00:47:28 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/07/10 23:15:54 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\vxacdycuc
[2010/07/10 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Yummy
[2010/07/10 19:25:34 | 000,000,000 | ---D | C] -- C:\Metaboli
[2010/07/10 19:25:33 | 000,258,440 | ---- | C] (Yummy Interactive Inc.) -- C:\Windows\System32\YProx.ocx
[2010/07/10 19:25:33 | 000,040,040 | ---- | C] (Yummy Interactive Inc.) -- C:\Windows\System32\syschkvc.dll
[2010/07/10 19:25:32 | 000,292,208 | ---- | C] (Yummy Interactive, Inc.) -- C:\Windows\System32\YSys.dll
[2010/07/10 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Metaboli Player
[2010/06/28 16:31:11 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\JollyBear
[2010/06/28 16:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2010/06/28 15:30:33 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\EA
[2010/06/26 19:28:24 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\MumboJumbo
[2010/06/26 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2010/06/24 03:09:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:09:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:09:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 04:04:35 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/06/23 04:04:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/06/23 04:04:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/23 04:04:34 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/06/19 08:03:47 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents\Scanned Documents
[2010/06/19 08:03:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Fax
[2010/06/17 20:41:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\JVC
[2010/01/31 11:07:58 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2010/01/31 11:07:58 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2010/01/31 11:07:58 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2010/01/31 11:07:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2010/01/31 11:07:58 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2010/01/31 11:07:57 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2010/01/31 11:07:57 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2010/01/31 11:07:57 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2010/01/31 11:07:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2010/01/31 11:07:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2010/01/31 11:07:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2010/01/31 11:07:55 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/05/28 19:03:47 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 18:17:42 | 003,670,016 | -HS- | M] () -- C:\Users\Scott\NTUSER.DAT
[2010/07/12 18:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2010/07/12 17:53:46 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 17:53:46 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 17:46:45 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/12 17:46:45 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/12 17:46:45 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/12 17:43:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 17:41:41 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 17:41:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 17:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 17:41:14 | 2313,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 08:44:07 | 003,080,772 | -H-- | M] () -- C:\Users\Scott\AppData\Local\IconCache.db
[2010/07/11 07:48:24 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Documents\rkill.com
[2010/07/11 07:48:24 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.com
[2010/07/11 07:38:31 | 000,000,615 | ---- | M] () -- C:\Users\Scott\Desktop\rkill3.scr - Shortcut.lnk
[2010/07/11 07:38:27 | 000,000,300 | ---- | M] () -- C:\Users\Scott\Desktop\rkill2.exe - Shortcut.lnk
[2010/07/11 04:32:05 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\ulowopoze.dll
[2010/07/11 04:24:25 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\evuketom.dll
[2010/07/11 04:17:22 | 000,000,615 | ---- | M] () -- C:\Users\Scott\Desktop\rkill3 - Shortcut.lnk
[2010/07/11 04:16:36 | 000,000,300 | ---- | M] () -- C:\Users\Scott\Desktop\rkill2 - Shortcut.lnk
[2010/07/11 04:12:04 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Documents\rkill3.scr
[2010/07/11 04:12:04 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Desktop\rkill3.scr
[2010/07/11 04:11:46 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Documents\rkill2.exe
[2010/07/11 04:11:46 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Desktop\rkill2.exe
[2010/07/11 03:45:53 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/11 03:11:46 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\eyebaguwimuwese.dll
[2010/07/11 03:08:22 | 195,444,806 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/11 01:06:45 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\eqavuyub.dll
[2010/07/10 23:49:33 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\upudajugaborovom.dll
[2010/07/10 23:30:58 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\upayolax.dll
[2010/07/10 23:17:26 | 000,000,000 | ---- | M] () -- C:\Users\Scott\AppData\Local\ekagofud.dll
[2010/07/10 19:25:35 | 000,000,132 | ---- | M] () -- C:\Users\Scott\Desktop\Video Games.url
[2010/07/02 22:44:33 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/06/24 17:52:07 | 000,000,998 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\wklnhst.dat
[2010/06/22 19:54:56 | 000,031,744 | ---- | M] () -- C:\Users\Scott\Agenda 24 June 10.doc
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/11 08:08:56 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Documents\rkill.com
[2010/07/11 08:08:53 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Documents\rkill2.exe
[2010/07/11 08:08:45 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Documents\rkill3.scr
[2010/07/11 07:51:24 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Desktop\rkill.com
[2010/07/11 07:39:16 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Desktop\rkill3.scr
[2010/07/11 07:39:15 | 000,363,520 | ---- | C] () -- C:\Users\Scott\Desktop\rkill2.exe
[2010/07/11 07:38:31 | 000,000,615 | ---- | C] () -- C:\Users\Scott\Desktop\rkill3.scr - Shortcut.lnk
[2010/07/11 07:38:27 | 000,000,300 | ---- | C] () -- C:\Users\Scott\Desktop\rkill2.exe - Shortcut.lnk
[2010/07/11 04:32:05 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\ulowopoze.dll
[2010/07/11 04:24:25 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\evuketom.dll
[2010/07/11 04:17:22 | 000,000,615 | ---- | C] () -- C:\Users\Scott\Desktop\rkill3 - Shortcut.lnk
[2010/07/11 04:16:36 | 000,000,300 | ---- | C] () -- C:\Users\Scott\Desktop\rkill2 - Shortcut.lnk
[2010/07/11 03:45:53 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/11 03:11:46 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\eyebaguwimuwese.dll
[2010/07/11 01:06:45 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\eqavuyub.dll
[2010/07/10 23:49:33 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\upudajugaborovom.dll
[2010/07/10 23:30:58 | 000,002,716 | ---- | C] () -- C:\Users\Scott\AppData\Local\upayolax.dll
[2010/07/10 23:17:26 | 000,000,000 | ---- | C] () -- C:\Users\Scott\AppData\Local\ekagofud.dll
[2010/07/10 19:25:35 | 000,000,132 | ---- | C] () -- C:\Users\Scott\Desktop\Video Games.url
[2010/07/10 19:25:33 | 000,000,146 | ---- | C] () -- C:\Windows\System32\syschkvc.dll.manifest
[2010/07/10 19:25:32 | 000,352,648 | ---- | C] () -- C:\Windows\System32\SysCheck2.dll
[2010/07/10 19:25:32 | 000,112,460 | ---- | C] () -- C:\user.js
[2010/06/22 19:54:56 | 000,031,744 | ---- | C] () -- C:\Users\Scott\Agenda 24 June 10.doc
[2010/01/31 11:07:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2010/01/31 11:07:57 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2010/01/28 07:24:28 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2009/12/12 08:56:46 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/08/28 12:31:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/08/28 12:31:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/08/28 12:31:29 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/08/28 12:31:28 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/08/23 09:05:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/28 11:47:23 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/05/28 11:17:28 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009/02/21 01:26:15 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/21 01:26:15 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/21 01:26:14 | 000,000,061 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/02/21 01:26:14 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2007/03/30 11:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 16:44:46 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 15:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 20:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/08/01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 22:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 22:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 22:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 22:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 22:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 22:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 22:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 22:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 22:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 22:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 22:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 22:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 22:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 22:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 22:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 15:49:25 | 002,326,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2009/08/18 02:37:56 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/28 08:42:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/12 17:41:14 | 2313,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 18:26:51 | 000,000,200 | ---- | M] () -- C:\lxdi.log
[2010/07/12 17:41:19 | 3085,287,424 | -HS- | M] () -- C:\pagefile.sys
[2009/04/21 00:17:22 | 000,001,887 | -HS- | M] () -- C:\Patch.rev
[2009/02/24 03:31:32 | 000,000,151 | RHS- | M] () -- C:\Preload.rev
[2010/01/28 07:25:51 | 000,003,146 | ---- | M] () -- C:\RHDSetup.log
[2010/07/11 08:25:36 | 000,000,268 | ---- | M] () -- C:\rkill.log
[2010/05/18 09:59:22 | 000,112,460 | ---- | M] () -- C:\user.js

< %PROGRAMFILES%\*. >
[2010/01/28 00:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/01/28 00:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2010/01/28 00:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Deluxe
[2010/01/28 00:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2010/01/28 00:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2010/01/28 00:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/28 00:54:38 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2010/01/28 00:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/01/28 00:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/01/28 00:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/05/11 14:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\BBC iPlayer Desktop
[2010/01/28 00:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/01/28 00:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/01/28 00:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/28 00:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/01/28 00:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Convesoft
[2010/01/28 00:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/28 00:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/01/28 00:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Photo Navigator 1.5
[2009/07/14 08:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/01/28 00:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec
[2010/01/28 00:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec Egis Software Update
[2010/01/28 00:59:19 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos
[2010/01/28 07:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2010/01/28 01:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2010/07/11 01:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/28 01:04:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/11 03:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/28 01:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/28 01:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/28 01:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/28 01:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2010/01/28 07:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2010/01/28 01:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFrog
[2010/02/26 18:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3500-4500 Series
[2010/01/28 01:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2010/07/11 03:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/10 19:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Metaboli Player
[2010/01/28 01:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/01/31 10:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/28 01:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/28 01:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/06/06 13:14:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/28 01:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/28 01:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/01/28 01:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 19:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/28 01:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2010/01/28 01:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2010/01/28 01:08:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2010/07/11 00:47:29 | 000,000,000 | R--D | M] -- C:\Program Files\Norton Support
[2010/01/28 01:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/01/28 01:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/01/31 10:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/19 19:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2010/01/28 00:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/07 20:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/06/07 20:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\SKIPBO Castaway Caper
[2010/01/28 01:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sky
[2010/01/28 01:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2010/01/28 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/01/28 00:47:32 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/01/28 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/01/28 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 08:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/01/28 01:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/01/28 01:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/12 04:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/01/31 10:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/01/28 01:08:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2010/06/24 17:52:07 | 000,000,998 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2008/10/03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\ahcix86s.sys
[2008/10/03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Acer\Preload\Autorun\DRV\ATIVGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-12 16:50:33

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73

< End of report >

doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7
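Reading a listing this long by eye is where things get missed. As an added example (editor's code, not part of OTL and not from doveney's post), here is a small parser for OTL's file lines that runs two checks over them: it flags .dll files dropped straight into the user's AppData\Local folder with no company name, a random-looking lowercase name and a tiny size (the seven such files in the listing above all share that shape, six of them exactly 2,716 bytes and one empty), and it groups the MD5 section by file name so a System32 copy whose hash disagrees with its DriverStore or winsxs copies stands out. The 4 KB size cut-off and the name pattern are heuristics chosen here, not anything OTL defines; the sample lines are copied from the log above except the final disk.sys line, which is altered to exercise the mismatch check.

```python
"""Parse OTL file-listing lines and run two checks over them.

Added example for this thread: editor's code, not OTL's and not from the
original post. The size cut-off and name pattern are heuristics chosen here.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL file line:
# [date time | size | attrs | C|M] (company) [MD5=... | Unable to obtain MD5] -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32})| Unable to obtain MD5)?"
    r" -- (?P<path>.+)$"
)
# A file sitting directly under <drive>:\Users\<user>\AppData\Local
LOCAL_ROOT = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\([^\\]+)$", re.IGNORECASE)
RANDOM_STEM = re.compile(r"^[a-z]{6,}$")   # heuristic: all-lowercase, 6+ letters


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str     # OTL attribute column, e.g. "-HS-", "R--D"
    kind: str      # C = created, M = modified
    company: str   # "" when OTL printed () or ( )
    md5: str       # "" unless the line came from an MD5 section
    path: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line):
    """Turn one OTL file line into an Entry; None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(ts=m["ts"], size=int(m["size"].replace(",", "")),
                 attrs=m["attrs"], kind=m["kind"],
                 company=(m["company"] or "").strip(),
                 md5=(m["md5"] or "").upper(), path=m["path"])


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def suspicious_local_dlls(entries, max_size=4096):
    """Flag .dll files directly in %LOCALAPPDATA% that carry no company
    name, a random-looking lowercase stem and a tiny (or zero) size."""
    hits = []
    for e in entries:
        if e.attrs.endswith("D") or e.company:      # skip folders, named vendors
            continue
        m = LOCAL_ROOT.match(e.path)
        if not m:
            continue
        stem, _, ext = m.group(1).rpartition(".")
        if ext.lower() == "dll" and RANDOM_STEM.match(stem) and e.size <= max_size:
            hits.append(e)
    return hits


def md5_mismatches(entries):
    """Group MD5-section lines by file name; return names whose copies
    (System32, DriverStore, winsxs) do not all carry the same hash."""
    by_name = defaultdict(set)
    for e in entries:
        if e.md5:
            by_name[e.name.lower()].add(e.md5)
    return {n: sorted(h) for n, h in by_name.items() if len(h) > 1}


# Sample lines copied from the log above, except the final disk.sys line,
# which is CONSTRUCTED with a zeroed hash to exercise the mismatch check.
SAMPLE_LOG = r"""
[2010/07/11 04:32:05 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\ulowopoze.dll
[2010/07/11 04:24:25 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\evuketom.dll
[2010/07/11 03:11:46 | 000,002,716 | ---- | M] () -- C:\Users\Scott\AppData\Local\eyebaguwimuwese.dll
[2010/07/10 23:17:26 | 000,000,000 | ---- | M] () -- C:\Users\Scott\AppData\Local\ekagofud.dll
[2010/07/11 08:44:07 | 003,080,772 | -H-- | M] () -- C:\Users\Scott\AppData\Local\IconCache.db
[2010/07/11 07:48:24 | 000,363,520 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.com
[2010/06/19 08:03:47 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents\Scanned Documents
[2010/01/31 11:07:58 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\winsxs\x86_disk.inf_constructed\disk.sys
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in suspicious_local_dlls(entries):
        print(f"suspicious: {e.path} ({e.size} bytes, {e.ts})")
    for name, hashes in md5_mismatches(entries).items():
        print(f"hash mismatch: {name} -> {hashes}")
```

Both checks are only as good as their thresholds: a legitimate small helper DLL with no version resource would also trip the first one, so treat a hit as something to look at rather than something to delete, and note that "Unable to obtain MD5" lines are skipped rather than counted as mismatches.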

Re: Trojan - FAKEAV

Post by Sneakyone on Tue 13 Jul 2010, 4:58 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    :Files
    C:\Users\Scott\AppData\Local\vxacdycuc
    C:\Users\Scott\AppData\Local\ulowopoze.dll
    C:\Users\Scott\AppData\Local\evuketom.dll
    C:\Users\Scott\AppData\Local\eyebaguwimuwese.dll
    C:\Users\Scott\AppData\Local\eqavuyub.dll
    C:\Users\Scott\AppData\Local\upudajugaborovom.dll
    C:\Users\Scott\AppData\Local\upayolax.dll
    C:\Users\Scott\AppData\Local\ekagofud.dll

    :commands
    [Emptytemp]
    [resethosts]
    [reboot]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

==========

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
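The first two lines of that fix undo a proxy setting: the script targets a ProxyServer value of http=127.0.0.1:5577 under HKCU, which routes the browser through a process on the machine itself. As an added example (editor's code, not the helper's script and not part of OTL), here is a check that parses OTL's IE settings lines, splits a ProxyServer value into its per-protocol entries, and flags any entry pointing at loopback or localhost, along with whether ProxyEnable under the same key has it switched on. The sample lines are constructed: the hijacked value from the fix above with ProxyEnable set to 1, plus a made-up corporate proxy under HKLM that must not fire.

```python
"""Check the IE proxy settings OTL reports for a local-proxy hijack.

Added example for this thread: editor's code, not OTL's and not the helper's
fix script. The sample lines below are constructed.
"""
import ipaddress
import re

# OTL prints IE settings as:
# IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE_SETTING = re.compile(
    r'^IE - (?P<key>HK[A-Z]+\\[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$')


def parse_ie_settings(lines):
    """Return {(registry_key, value_name): value} for every IE settings line."""
    out = {}
    for line in lines:
        m = IE_SETTING.match(line.strip())
        if m:
            out[(m["key"], m["name"])] = m["value"].strip()
    return out


def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: (host, port)}.
    Windows accepts "host:port" for all protocols, or a ';'-separated list
    of "scheme=host:port" entries; "*" stands for the all-protocols form."""
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, eq, hostport = part.partition("=")
        if not eq:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        proxies[scheme.lower()] = (host.strip(), int(port) if port.isdigit() else None)
    return proxies


def is_local_proxy(host):
    """True when the proxy host is the machine itself ("localhost" or any
    loopback address), i.e. browser traffic passes through a local process."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_proxy_hijack(lines):
    """Return one finding per proxy entry that points at the local machine,
    noting whether ProxyEnable under the same key turns it on."""
    settings = parse_ie_settings(lines)
    findings = []
    for (key, name), value in settings.items():
        if name != "ProxyServer":
            continue
        enabled = settings.get((key, "ProxyEnable"), "0") != "0"
        for scheme, (host, port) in parse_proxy_server(value).items():
            if is_local_proxy(host):
                findings.append({"key": key, "scheme": scheme, "host": host,
                                 "port": port, "enabled": enabled})
    return findings


# CONSTRUCTED sample: the hijacked value from the fix above with ProxyEnable
# switched on, plus a made-up corporate proxy under HKLM that must not fire.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r'IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:3128',
]

if __name__ == "__main__":
    for f in check_proxy_hijack(SAMPLE_LINES):
        state = "enabled" if f["enabled"] else "disabled"
        print(f'{f["key"]}: {f["scheme"]} proxy -> {f["host"]}:{f["port"]} ({state})')
```

A loopback proxy is not proof of infection on its own (debugging proxies and some filtering products use one), but a port like 5577 with no product on the machine that owns it, showing up at the same time as the randomly named DLLs, is exactly the pairing this fix is aimed at; after the fix, re-run the check and confirm no ProxyServer line survives and ProxyEnable reads 0.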

Re: Trojan - FAKEAV

Post by doveney on Tue 13 Jul 2010, 6:54 am

ComboFix 10-07-11.07 - Scott 12/07/2010 20:18:05.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2942.1991 [GMT 1:00]
Running from: c:\users\Scott\Desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 19:35 . 2010-07-12 19:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-12 19:35 . 2010-07-12 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-12 19:15 . 2010-07-12 19:16 -------- d-----w- C:\32788R22FWJFW
2010-07-12 18:35 . 2010-07-12 18:35 -------- d-----w- C:\_OTL
2010-07-11 02:45 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 02:45 . 2010-07-11 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 02:45 . 2010-07-11 02:45 -------- d-----w- c:\programdata\Malwarebytes
2010-07-11 02:45 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 23:47 . 2010-07-10 23:47 -------- d-----r- c:\program files\Norton Support
2010-07-10 18:26 . 2010-07-10 18:40 -------- d-----w- c:\users\Scott\AppData\Local\Yummy
2010-07-10 18:25 . 2010-07-10 18:25 -------- d-----w- C:\Metaboli
2010-07-10 18:25 . 2008-08-20 14:20 40040 ----a-w- c:\windows\system32\syschkvc.dll
2010-07-10 18:25 . 2010-07-10 18:25 -------- d-----w- c:\program files\Metaboli Player
2010-07-10 18:25 . 2010-04-19 11:54 292208 ----a-w- c:\windows\system32\YSys.dll
2010-07-10 18:25 . 2009-10-13 14:37 352648 ----a-w- c:\windows\system32\SysCheck2.dll
2010-06-28 15:31 . 2010-06-28 15:31 -------- d-----w- c:\users\Scott\AppData\Local\JollyBear
2010-06-28 15:31 . 2010-06-28 15:31 -------- d-----w- c:\programdata\JollyBear
2010-06-28 14:30 . 2010-06-28 14:30 -------- d-----w- c:\users\Scott\AppData\Roaming\EA
2010-06-26 18:28 . 2010-06-26 18:28 -------- d-----w- c:\programdata\MumboJumbo
2010-06-24 02:09 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:09 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:09 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:09 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:09 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 12:14 . 2010-06-23 12:14 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4C2B.tmp.exe
2010-06-23 03:04 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 03:04 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 03:04 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 19:36 . 2009-09-22 20:56 -------- d-----w- c:\programdata\Kontiki
2010-07-11 00:03 . 2009-08-22 13:45 -------- d-----w- c:\program files\Google
2010-06-25 18:30 . 2009-02-23 17:47 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 16:52 . 2009-08-23 07:36 998 ----a-w- c:\users\Scott\AppData\Roaming\wklnhst.dat
2010-06-19 18:30 . 2010-06-06 21:36 -------- d-----w- c:\program files\RealArcade
2010-06-11 02:06 . 2009-02-23 17:45 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 19:09 . 2010-06-07 19:09 -------- d-----w- c:\program files\SKIPBO Castaway Caper
2010-06-07 19:08 . 2010-06-07 19:08 -------- d-----w- c:\program files\ReflexiveArcade
2010-06-06 21:38 . 2010-06-06 21:38 -------- d-----w- c:\users\Scott\AppData\Roaming\Skip-Bo
2010-06-06 21:38 . 2010-06-06 21:38 -------- d-----w- c:\programdata\Trymedia
2010-06-06 12:14 . 2009-08-29 20:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 21:54 . 2010-05-27 21:51 -------- d-----w- c:\users\Scott\AppData\Roaming\GARMIN
2010-05-27 07:24 . 2010-06-10 05:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 05:27 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-02 19:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-10 05:27 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-10 05:28 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-25 19:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-28 703008]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-01 249600]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 02:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-01-20 23:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-01-20 23:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 14:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 16:13 151552 ----a-w- c:\program files\Cyberlink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 15:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-10-21 09:26 1032640 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
2009-04-27 13:30 25256 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
2009-04-27 13:30 434856 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-08-02 14:30 3096576 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-12-26 16:30 173288 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2009-05-28 10:17 200704 ----a-w- c:\windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-18 20:34 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-22 13:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1343400]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100709.001\IDSvix86.sys [2010-05-28 344112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-28 727584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 19:59]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - [You must be registered and logged in to see this link.]
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1894570463-908229038-4136380979-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)

[HKEY_USERS\S-1-5-21-1894570463-908229038-4136380979-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{96F45B4D-0661-4C56-B746-1BB3C6054B25}"=""
"{9AD7D329-6DAB-4CDC-96AA-26F7795EC644}"=""
"{DBFE6909-7024-4FA7-B1CF-D2E9762C96EE}"=""
"{8A50EE60-6CE8-4999-81FB-56E61B610E17}"=""
"{D77C22D5-4F87-4ACC-A7F3-8B877ED460F0}"=""
"{D03FF734-EDC7-4400-86C3-E4679322E5FD}"=""
"{1FE43703-60E7-4ACF-B6D6-D9C4CD7414A0}"=""
"{D8739438-BB88-4672-94BD-D11C419CDC17}"=""
"{C8E2F36C-3637-4C2C-BAC7-12B87E0C9332}"=""
"{586F95E0-2D1F-4ABA-94CE-114D94ACF8FE}"=""
"{13001976-7C6D-451E-B8ED-F7B508044D39}"=""
"{FF6588E7-C28E-47C5-85A8-9C5BA38E5ABA}"=""
"{9445B836-0523-4CF5-AD07-2DAD0F835265}"=""
"{9ADD4E9A-0D39-451B-84C3-B552231B7A88}"=""
"{23ADBFD6-882F-49C0-8635-F98716B58AC5}"=""
"{285ACE9A-E868-41CF-9A99-37D6AE451BD8}"=""
"{330A6CDC-51D2-4675-B35E-279AA7575B64}"=""
"{C68D9E83-1C95-456E-9605-A785FEA3577C}"=""
"{0EE0962C-68FF-4423-861A-6CC8FA862254}"=""
"{009F3ABA-702C-4A09-89EC-89CD73EC974E}"=""
"{B86D5017-755E-4A34-8453-3B071C5CEE03}"=""
"{F5881296-7B3B-4E35-8A64-EB45ED079E8F}"=""
"{EE940057-4CAC-4A1F-8E58-E14BE948E976}"=""
"{E70131F9-F583-4E40-A948-FC9529DA555C}"=""
"{32C962D5-592D-42DF-AB51-C107FE0CDF30}"=""
"{3C3D2924-3B0A-4915-A9A3-2BD2A4BDECDE}"=""
"{063737EC-5DBD-4E9D-BD60-F3A8C3631147}"=""
"{B78E736D-F2C3-4B59-9F66-97FF77FCEC7D}"=""
"{DBB5EF1E-F60F-41A1-A13B-E2484991FB6C}"=""
"{5304E93F-3C5F-4FD1-9A58-24196905B152}"=""
"{C760DB1B-729A-41E5-A236-F9CF838E1C22}"=""
"{057D4C1B-40D8-459C-B015-1A4F0D44B894}"=""
"{F15CBB28-3713-49B2-99F6-FEC97C0B1817}"=""
"{CC7DC923-4CB5-4420-9EC1-981DD79E0B6B}"=""
"{50FDB9B9-5462-4F08-AAF7-DFE0BE438840}"=""
"{8345C108-C8C7-48DB-9842-DE4A4D6A8370}"=""
"{C5C254B1-2599-43AD-8F39-9D157CBD4711}"=""
"{01C5AD0E-3C98-4412-B625-ABCF3781D0B3}"=""
"{9D98D841-B211-4FB1-80FC-A32A68C7ABFF}"=""
"{3A210CC7-5043-45BD-B872-2EB0D573E66E}"=""
"{5A4AFFF0-9D9F-462F-B273-F1835A3B0EE3}"=""
"{CB0AEB59-8812-4E54-8157-B9EACFEA5F11}"=""
"{097C521C-48EA-405A-A963-14A7777BB72F}"=""
"{4213F008-3AA0-49AD-9C4A-D42148B37F1B}"=""
"{E2B0CA0E-DCC6-41BF-B978-227978D34FA4}"=""
"{F841F0ED-9104-4482-82F9-D1F5399F26DE}"=""
"{BF54F8A8-76D6-4689-9A3E-8077CBD29422}"=""
"{5538B00D-7390-477D-B9A7-FCBB41B228AE}"=""
"{3E6DBB82-44B2-4077-B2B5-08A32AF7C652}"=""
"{41BD0510-4BF2-4418-9931-750AD2C653F8}"=""
"{6F4C33B0-4652-455A-ACCE-A574C22B6B55}"=""
"{753E09EC-86EF-40F1-A472-81F224053D18}"=""
"{61DBDF59-00F0-47D1-9D93-52824906BDB5}"=""
"{C0CACCCD-CBB7-4DA5-B704-1421DBD2D14E}"=""
"{332DA3EF-C36F-4710-9BCC-DB9A6973B0B7}"=""
"{988E6805-30B6-4D88-BD52-B5B8A82E4E1E}"=""
"{E4D54026-0837-4AE3-A761-33BE7EC9A8BB}"=""
"{C1B4D289-CEA1-4615-A452-95C20B91B5F9}"=""
"{D5145CF7-4900-48B7-B384-50DC48090D58}"=""
"{10218349-D2E4-47E5-81B9-5205F54A76FF}"=""
"{5E4E6066-66C2-49F2-B855-A51F01613973}"=""
"{4EAC06B0-C0DA-400E-9C3D-5B40BD2D8EBB}"=""
"{C47D8C81-C974-4302-B7B5-ED2844030AE0}"=""
"{4B5C5D35-A48D-4AD0-9A46-A97EF8FE1511}"=""
"{788B8EE1-9E77-43CB-B85B-562BDAE60746}"=""
"{B2DA17C8-CCF5-4132-9CDB-A0DF57026F01}"=""
"{764D3BD1-ABBE-4CEE-A1F3-DADA72F7537E}"=""

[HKEY_USERS\S-1-5-21-1894570463-908229038-4136380979-1000\Software\SecuROM\License information*]
"datasecu"=hex:52,97,6f,ea,c6,de,a5,01,fc,25,19,32,1f,57,47,e0,88,bf,88,e0,a5,
87,6f,b8,e0,fb,27,f9,5d,97,d1,f4,14,d3,a3,86,48,4a,13,c8,3e,0a,cb,37,7c,c1,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession_3676"="{EB8E77B2-2AD9-4D08-B183-9AA97CB31C6E}"
"ccSvcHst_UserSession_3876"="{0FCD07C3-8C15-4CD5-94E9-E4AAD5865958}"
"clt::AlertChannel_01"="{0FCD07C3-8C15-4CD5-94E9-E4AAD5865958}"
"ccSvcHst_UserSession_5500"="{D9F244FD-C844-4E69-84B2-7F44E69EC27C}"
"ccSvcHst_UserSession_3996"="{A0FE2799-8455-4571-8537-D148D7EC8C96}"
"ccSvcHst_UserSession_3092"="{4BE3BF0A-A6B1-4B3B-B4CF-48B30E136082}"
"ccSvcHst_UserSession_3924"="{0DADA48F-1A43-4126-A73D-286B2421B80C}"
"ccSvcHst_UserSession_3800"="{BA68D820-8A68-4633-920C-B6BE82DA879E}"
"ccSvcHst_UserSession_2752"="{A3C60E7C-BB57-405E-99CA-1B5B7B9A60AD}"
"ccSvcHst_UserSession_3928"="{3A255A7E-E350-4D4C-808E-159C9973A491}"
"ccSvcHst_UserSession_3376"="{DF5D5B86-DB28-489C-954C-3B2DC92CE392}"
"ccSvcHst_UserSession_3488"="{914AD14D-EDF6-4090-843C-85E3C7BBCE25}"
"ccSvcHst_UserSession_3720"="{2F99FEA6-62FC-4CB2-B999-EC0DCE16C310}"
"ccSvcHst_UserSession_2956"="{ACD5B217-F8CD-4C8E-AF90-C9151C22773F}"
"ccSvcHst_UserSession_3832"="{633F862F-0A6A-401F-B4FB-A3C70FA6DF2E}"
"ccSvcHst_UserSession_3752"="{CA4E6534-92A1-4D01-8415-61EC79264B2A}"
"ccSvcHst_UserSession_3472"="{DA01E9EF-DE87-46D5-967F-98F635315CF8}"
"ccSvcHst_UserSession_3704"="{A566A3FB-AE97-4DB6-B9BE-5815D3C6A4DB}"
"ccSvcHst_UserSession_3484"="{6584CED3-3720-428D-8207-6A760C19CD63}"
"ccSvcHst_UserSession_3036"="{E0E724D4-8C0C-4162-ADC1-D17443772D51}"
"ccSvcHst_N360"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"g_coVistaProxyChannel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"uiPerf_Service_Channel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"IPS_COMMAND_CHANNEL"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccGenericEvent_Global_EM"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccGenericEvent_Global_LM"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccGenericLog_Manager"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"SNDServiceRequestChannel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"SNDLocationChannel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccSettingsService"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"_isDataPrComm_"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"SymRedirSvcRequestChannel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"Tuneup_Context_Switch_Channel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"FWAlert"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"_AvProdSvcComm_"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"_buSvcComm_"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"NortonNetServiceIPC"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"NetMapServiceIPC"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"_StatisticsCommand_"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"ccSvcHst_UserSession_2872"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"_buUIComm_"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"AvProdSession_01"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"AvProdSession_Options_01"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"AvProdSession_Scanless_01"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"clt::AlertChannel2_01"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"TRUSTCHANNEL"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"SDKCHANNEL1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"ToasterNotify\\SessionID_1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"AccountServices_1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"FormHandler_1"="{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"
"BashIPCChannel"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"
"_TrustSvcComm_"="{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{B55464AF-92BD-4D40-B8AD-D95C82576AE8}"=""
"{EB8E77B2-2AD9-4D08-B183-9AA97CB31C6E}"=""
"{58BD3302-5CAB-4BFC-B660-1DCC89B5732F}"=""
"{0FA2642B-CAE7-4146-9F06-BEE0C04390A4}"=""
"{25631519-CFF3-4CBA-9A64-72F553656878}"=""
"{E884C3B7-B71B-488B-AD3C-6FC99148E1EE}"=""
"{BD34029F-139E-4461-8C50-EAFD3FA72595}"=""
"{97C464CF-D727-4022-859A-4EDD8E002E2B}"=""
"{EB24B681-27DA-4329-AB9A-AA8E6D0D7E32}"=""
"{56D9810D-839F-4E5C-9B4E-A4A3850986B7}"=""
"{6D89BF15-55F2-4FE8-80BE-0519422E15C4}"=""
"{1070BC76-26DF-4155-B427-58ED40580FFE}"=""
"{000AEA3A-1913-4C82-9CAE-3C24B68B28D5}"=""
"{4329F7D4-E906-4A10-9C40-CE98DA4791AF}"=""
"{0FCD07C3-8C15-4CD5-94E9-E4AAD5865958}"=""
"{9A774F35-AA48-4DFB-B50E-0E24FF617100}"=""
"{D9F244FD-C844-4E69-84B2-7F44E69EC27C}"=""
"{B3030821-DCFB-4DDA-AA39-2B2F6DA699BA}"=""
"{413EE665-A2F7-47EF-BA19-0F27BC835AE7}"=""
"{B83A4C76-2682-4562-A5CF-DAA45210ADFF}"=""
"{25CF7530-D4BE-493D-B3D6-06ADE507BEBE}"=""
"{D01EF6D5-105D-4FD7-8FE0-8653998B55DA}"=""
"{7C28F083-B068-40B7-A168-492AAEEBF2D3}"=""
"{9C55D117-801B-41C3-97D3-2EBF33043FD7}"=""
"{2ACE5548-0C94-4225-8E96-47D17E2321FC}"=""
"{469BC038-AC3E-4FB6-A40D-9A3C30C4E913}"=""
"{77F8584D-DFD2-4817-A9B5-4D9772C27A61}"=""
"{B165D8D3-F5DB-4C52-A959-691232DDDCD6}"=""
"{A0FE2799-8455-4571-8537-D148D7EC8C96}"=""
"{B462DB07-9EF7-4767-ABFC-19A40D56E900}"=""
"{4BE3BF0A-A6B1-4B3B-B4CF-48B30E136082}"=""
"{208A95CC-11E2-4BBE-BB4B-AA2CF6FB07B9}"=""
"{CAE48E97-B7D2-4E66-A18B-E6EC61102ACF}"=""
"{D2657DF5-C407-44FF-92A4-D01644FCB0F6}"=""
"{5D8A1563-D3C7-4FA2-966B-39D24B02849C}"=""
"{B8475783-9801-4E12-B999-64905A49BA4E}"=""
"{0DADA48F-1A43-4126-A73D-286B2421B80C}"=""
"{94A6967A-7F0D-4DB1-8CE9-D208D67CFB63}"=""
"{BA68D820-8A68-4633-920C-B6BE82DA879E}"=""
"{47BEC34D-3E70-43B5-8423-641D5E6E7186}"=""
"{F48C0292-76B6-498C-BA5B-DD2CA347289A}"=""
"{16A317E2-BD71-4D2F-A5C3-69A80FE13706}"=""
"{67EBF587-5131-4B90-9BAE-DFEDF517BE62}"=""
"{D9642E26-0E34-414C-AA43-CEA97C6DACC2}"=""
"{A3C60E7C-BB57-405E-99CA-1B5B7B9A60AD}"=""
"{B11E87E2-042A-4511-A810-0CBEE81272D0}"=""
"{3A255A7E-E350-4D4C-808E-159C9973A491}"=""
"{074D7C31-48CF-4CC2-A561-43A62EE80570}"=""
"{E9697361-497D-4CA5-991B-5B5134A5588F}"=""
"{756FD40C-74CB-4C5E-84DF-E6473126E23C}"=""
"{DF5D5B86-DB28-489C-954C-3B2DC92CE392}"=""
"{89A4F5EF-3350-48D7-8A25-831186C362A0}"=""
"{914AD14D-EDF6-4090-843C-85E3C7BBCE25}"=""
"{6DEBFE77-B6E7-42C8-9A88-36964A51ACB8}"=""
"{2F99FEA6-62FC-4CB2-B999-EC0DCE16C310}"=""
"{D72655F5-41BA-41A7-9A77-E5F8C97BB122}"=""
"{C4258106-EE2C-4D9E-BA0C-9BC0272AC3D2}"=""
"{F8C8EB1E-EF41-4319-925B-93D6EAED94CF}"=""
"{1FAFCDFE-9C22-4109-B58A-83801A51D6E7}"=""
"{C7E6211F-7BD1-4777-A95B-DD035E358FE4}"=""
"{D176FB1D-3699-4699-AB01-ED47DE6D52FA}"=""
"{AA6C62A0-326E-4E12-91E6-09BFD4C0103D}"=""
"{9950D606-C902-4749-98CC-11D8D841AE92}"=""
"{07F08B0A-C8AA-4499-B49A-CD8C2F19DAC6}"=""
"{2EDF8371-AF14-47C4-BB89-6F59BA3F1DE6}"=""
"{EA5E1F81-E439-4AD7-84C4-D0867E9F6B1E}"=""
"{693F7327-ACC7-4207-A929-0B63E1BC0911}"=""
"{3AFD4B22-A382-42F1-B1C6-EAA258EAC76E}"=""
"{ACD5B217-F8CD-4C8E-AF90-C9151C22773F}"=""
"{3BFFD21F-0977-468C-9F9C-DB7224FEB27E}"=""
"{633F862F-0A6A-401F-B4FB-A3C70FA6DF2E}"=""
"{5F8E62B5-8425-45ED-B34C-D5DF6E45F707}"=""
"{39C4F92B-AE9F-4337-9B93-D57160EECB9F}"=""
"{7B1B80F5-4617-413C-B7D2-6FCB35D89768}"=""
"{29C4E717-8C79-44BE-A8A3-144D3777E5FD}"=""
"{46305F84-980A-4204-8CEA-6D5A9C159FEB}"=""
"{4EDBE6D4-09F4-45EE-8B51-19344672D5DF}"=""
"{CA4E6534-92A1-4D01-8415-61EC79264B2A}"=""
"{0CAB0B68-98F1-4999-902C-FEF4EECAB409}"=""
"{A6116A98-6AE1-4759-B923-F40C740B87E6}"=""
"{7BB2DA3B-CEC8-4BBB-A90D-66B56BBD462D}"=""
"{53F1BB01-7AA6-47A9-8C1D-056EADA2319C}"=""
"{BF938863-D6FE-4E7C-B51E-7F8773040BB5}"=""
"{85F48E96-A4BB-423A-8921-1B9E9D6682CA}"=""
"{82672D4D-F228-49E7-A604-F0B7EB5D00B6}"=""
"{9C12AD94-D015-41CB-90BB-08A6FB1F9371}"=""
"{C79C14BD-89DD-4057-84AC-A5504E69052A}"=""
"{DBFE99A3-6283-4CA6-9FDD-2EBE11ED68A5}"=""
"{607D8DD0-8120-422A-8DD5-EB778735F287}"=""
"{869FA6C4-094F-4B70-9062-C02C24F7EEE0}"=""
"{9A28FB8F-976A-4701-9096-A6916F686871}"=""
"{DA01E9EF-DE87-46D5-967F-98F635315CF8}"=""
"{B8CA53E6-930E-4B0C-A9B0-A0D97D2E38E4}"=""
"{A566A3FB-AE97-4DB6-B9BE-5815D3C6A4DB}"=""
"{42B29D28-CD0E-4BEA-B399-4DDFD0BA7ABA}"=""
"{7F1B33DF-389C-4BA1-8208-BE64AA8F90AF}"=""
"{0FBBC9A4-FD77-4C68-A167-4DD5B209EB81}"=""
"{AFD48696-35EF-4277-B6C3-35FFAA8A74B4}"=""
"{15D4F862-88D2-4B76-AF74-CC64AFC50A0E}"=""
"{F1794CC7-2F74-426C-853C-BF7E50768F7A}"=""
"{60F43400-423E-4F6F-8B1F-C1FBE35B2BAC}"=""
"{21038BEF-E62E-4632-8BAF-735D9304ABFF}"=""
"{6584CED3-3720-428D-8207-6A760C19CD63}"=""
"{56CFB01B-C6C6-4C78-9594-42EE1B2380ED}"=""
"{E0E724D4-8C0C-4162-ADC1-D17443772D51}"=""
"{E8D0810F-7BC4-4286-8885-3ACD9CBB11E0}"=""
"{45436674-E80E-4CDA-959B-C4B226666700}"=""
"{741E6364-B63C-47D8-AD9E-6C70DD51EFAB}"=""
"{674082FA-FC4A-4AF9-A238-3526E0898E6A}"=""
"{CE90E985-72DB-4D92-9FA1-65C409661520}"=""
"{C3FA5173-59AE-44AE-AED6-F10F6DD993AD}"=""
"{13388983-B5DD-4AA6-9C8D-C33014D2C51C}"=""
"{3E4EF2D1-7C64-427F-A1A8-4868B7606E29}"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6020)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\windows\System32\gameux.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
c:\windows\System32\ieframe.dll
.
Completion time: 2010-07-12 20:41:30
ComboFix-quarantined-files.txt 2010-07-12 19:41
ComboFix2.txt 2010-07-12 19:10

Pre-Run: 294,488,743,936 bytes free
Post-Run: 294,435,532,800 bytes free

- - End Of File - - BB6C7436CC01F929C4A1C1303007186

Unfortunately I lost the OTL log. Do you want me to re-run it?

doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7

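The ComboFix log above is long, and the entries that matter for a FakeAV case are the few autostart lines in the "Reg Loading Points" and service sections. The script below is an added example, written for this page and not part of the thread, of ComboFix or of any vendor tool. It parses lines in the two layouts ComboFix uses for Run-key entries (`"name"="path" [date size]`) and for services (`S2 name;display;path [date size]`) and flags entries that (a) live under a user-writable directory, (b) reuse a Windows binary name such as wuauclt.exe outside %SystemRoot%, which is a common FakeAV trick and the name the pop-ups on this machine complained about, or (c) have a non-executable extension like .tmp. The sample log is constructed here in ComboFix's format; the `example_fakeav` Run entry and the `wuauclt` service are hypothetical and exist only to exercise the checks. The `msconfig\startupreg` lines use a different layout and are not parsed.

```python
"""Triage autostart entries from a ComboFix log.

Added example for this page; not code from the thread, ComboFix or Malwarebytes.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the ComboFix "Reg Loading Points" / service-list format.
# "example_fakeav" and the "wuauclt" service are hypothetical test entries; the
# other lines mirror the shape of the legitimate entries in the thread's log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 68856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"example_fakeav"="c:\users\Scott\AppData\Local\Temp\example_fakeav.tmp" [2010-07-11 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 135664]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 wuauclt;Hypothetical Update Helper;c:\programdata\wuauclt.exe [2010-07-10 98304]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
                    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Directories a standard user can write to; persistence from here deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")
# Names of core Windows binaries that malware likes to borrow.
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                   "csrss.exe", "lsass.exe", "services.exe", "smss.exe"}
SYSTEM_ROOT = "c:\\windows\\"
EXEC_EXTENSIONS = {"exe", "sys", "dll"}


@dataclass
class Autostart:
    kind: str    # "run" (registry Run value) or "service"
    where: str   # registry key for Run entries, start type (R2/S3/...) for services
    name: str
    path: str
    date: str
    size: int


def parse_autostarts(text: str) -> List[Autostart]:
    """Pull Run-key values and service lines out of ComboFix-formatted text."""
    items: List[Autostart] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")   # applies to the Run values that follow
            continue
        m = RUN_RE.match(line)
        if m:
            items.append(Autostart("run", current_key, m.group("name"), m.group("path"),
                                   m.group("date"), int(m.group("size"))))
            continue
        m = SVC_RE.match(line)
        if m:
            items.append(Autostart("service", m.group("start"), m.group("name"),
                                   m.group("path"), m.group("date"), int(m.group("size"))))
    return items


def suspicious_reasons(item: Autostart) -> List[str]:
    """Return the heuristic reasons an autostart entry deserves manual review."""
    path = item.path.lower()
    basename = path.rsplit("\\", 1)[-1]
    ext = basename.rsplit(".", 1)[-1] if "." in basename else ""
    reasons: List[str] = []
    if any(seg in path for seg in USER_WRITABLE):
        reasons.append("image lives under a user-writable directory")
    if basename in SYSTEM_BINARIES and not path.startswith(SYSTEM_ROOT):
        reasons.append(f"borrows the Windows binary name {basename} but is not under %SystemRoot%")
    if ext not in EXEC_EXTENSIONS:
        reasons.append(f"non-executable extension '.{ext}' for an autostart image")
    return reasons


def triage(text: str) -> List[Tuple[Autostart, List[str]]]:
    """Parse a ComboFix log and return only the entries that tripped a heuristic."""
    flagged = []
    for item in parse_autostarts(text):
        reasons = suspicious_reasons(item)
        if reasons:
            flagged.append((item, reasons))
    return flagged


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(f"{item.kind:8}{item.name:16} {item.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

These are triage prompts, not verdicts. The ProgramData check in particular fires on legitimate software: the thread's own log has Norton's IPS definitions driver (IDSVix86) under c:\programdata\Norton\..., so a hit there means "check the file's publisher signature and the vendor's documented install path", not "delete it". Real ComboFix logs also contain the `msconfig\startupreg` and `svchost` sections, which this parser skips.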

Re: Trojan - FAKEAV

Post by Sneakyone on Tue 13 Jul 2010, 10:15 am

Hi,

Please download Malwarebytes Anti-Malware from here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Trojan - FAKEAV

Post by doveney on Wed 14 Jul 2010, 4:45 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4309

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13/07/2010 18:43:50
mbam-log-2010-07-13 (18-43-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 265696
Time elapsed: 1 hour(s), 35 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC1F71.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.dll.vir (Adware.PopCap) -> Quarantined and deleted successfully.

doveney

Newbie Surfer

Posts : 8
Joined : 2010-07-11
Operating System : Windows 7


Re: Trojan - FAKEAV

Post by Sneakyone on Wed 14 Jul 2010, 8:15 am

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone
