HTTPS Tidserv Request 2

View previous topic View next topic Go down

HTTPS Tidserv Request 2

Post by vtflee on Tue Jul 27, 2010 10:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:04 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Francisco Lee\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Wed Jul 28, 2010 12:22 am

Please post a full log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Wed Jul 28, 2010 11:45 pm

SORRY!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:04 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Francisco Lee\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - [You must be registered and logged in to see this link.]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11998 bytes

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Thu Jul 29, 2010 12:05 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Thu Jul 29, 2010 12:20 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 8:12:29 AM
mbam-log-2010-07-29 (08-12-29).txt

Scan type: Quick scan
Objects scanned: 144393
Time elapsed: 19 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Fri Jul 30, 2010 12:18 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Fri Jul 30, 2010 2:10 am

OTL logfile created on: 7/29/2010 9:52:33 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Francisco Lee\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.96 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCISC-ED200B
Current User Name: Francisco Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/29 21:51:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Francisco Lee\My Documents\Downloads\OTL.exe
PRC - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/07/01 12:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/28 21:36:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/29 17:24:34 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/12 06:48:46 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2005/05/11 18:48:22 | 001,044,480 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2003/01/09 10:20:20 | 000,114,688 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PRC - [2003/01/09 09:21:26 | 000,253,952 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe


========== Modules (SafeList) ==========

MOD - [2010/07/29 21:51:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Francisco Lee\My Documents\Downloads\OTL.exe
MOD - [2009/08/22 04:14:06 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\yujetiyq.sys -- (fyopctqy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys -- (EraserUtilDrv10615)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/07/13 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100729.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100729.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100728.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/03 17:31:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/22 04:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 04:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 04:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 04:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 04:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 04:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 04:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 04:14:09 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 04:14:09 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/22 04:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 04:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/29 17:24:34 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/02/17 11:43:28 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/10/25 01:38:46 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/21 16:30:06 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/21 16:30:06 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 10:33:00 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/02/03 10:32:46 | 001,939,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:30:58 | 001,507,232 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/01/30 16:40:00 | 000,646,392 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 14:10:06 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 14:09:20 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/03/12 14:57:00 | 001,638,618 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/01 22:42:00 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 22:40:00 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 22:38:00 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 22:37:00 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/13 10:19:26 | 000,249,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/01/13 10:19:26 | 000,118,422 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/01/13 10:19:26 | 000,022,758 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/01/13 10:19:26 | 000,021,654 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.0.1281
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.176.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 15:02:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 01:06:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 11:35:06 | 000,000,000 | ---D | M]

[2008/11/16 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Extensions
[2010/07/29 07:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions
[2009/10/03 18:17:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/14 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com
[2010/03/25 14:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\FFToolbar@upromise
[2010/01/12 03:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\firefox@tvunetworks.com
[2010/07/29 07:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/15 01:23:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/24 11:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/24 11:34:24 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/04/01 19:04:23 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} [You must be registered and logged in to see this link.] (Infotl Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [You must be registered and logged in to see this link.] (VerifyGMN Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} [You must be registered and logged in to see this link.] (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/05 14:52:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/12/13 03:43:32 | 000,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5296ed5a-b0a2-11db-aed6-00904b56d88f}\Shell - "" = AutoRun
O33 - MountPoints2\{5296ed5a-b0a2-11db-aed6-00904b56d88f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5296ed5a-b0a2-11db-aed6-00904b56d88f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 000,025,600 | R--- | M] ()
O33 - MountPoints2\{de42c9c4-acca-11dc-af4d-00904b56d88f}\Shell - "" = AutoRun
O33 - MountPoints2\{de42c9c4-acca-11dc-af4d-00904b56d88f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de42c9c4-acca-11dc-af4d-00904b56d88f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/24 16:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/24 16:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/24 11:35:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Java.exe
[2010/07/24 11:35:06 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 11:35:06 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 11:35:06 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 11:35:06 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 11:35:06 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/24 11:23:15 | 000,000,000 | -HSD | C] -- C:\found.003
[2010/07/23 10:10:52 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/07/23 00:55:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/23 00:55:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/23 00:55:02 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/23 00:55:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/23 00:55:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/23 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/23 00:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/22 14:09:22 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/07/22 10:59:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 10:59:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 10:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 20:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/21 20:29:41 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/20 19:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/20 19:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 19:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Application Data\80549D4BAC8408491A18543EEB42DDBD
[2010/07/16 17:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Unity
[2010/07/16 03:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/15 01:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Application Data\ooVoo Details
[2010/07/15 01:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Application Data\skypePM
[2010/07/15 01:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Application Data\Skype
[2010/07/15 01:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/15 01:22:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/07/15 01:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/07/15 01:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Temp
[2010/07/15 01:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Google
[2010/07/15 00:50:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/07/15 00:50:27 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/07/15 00:50:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/07/15 00:50:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/07/15 00:50:21 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/07/15 00:50:16 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/07/15 00:50:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/07/15 00:49:58 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/07/15 00:49:38 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/07/15 00:48:50 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/07/15 00:48:50 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/07/15 00:48:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/07/15 00:48:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/07/15 00:48:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/07/15 00:48:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/07/15 00:48:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/07/15 00:48:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/07/15 00:48:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/07/15 00:48:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/07/15 00:28:20 | 001,939,360 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2010/07/15 00:28:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2010/07/15 00:28:20 | 000,264,992 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010/07/15 00:28:19 | 001,507,232 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys
[2010/07/15 00:28:19 | 000,527,136 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010/07/15 00:28:19 | 000,215,840 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010/07/15 00:28:18 | 000,129,824 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1051.dll
[2010/07/15 00:28:18 | 000,041,504 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2010/07/15 00:28:18 | 000,022,560 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2010/07/15 00:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/07/15 00:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/07/15 00:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/07/14 23:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\LogiShrd
[2010/07/14 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Francisco Lee\Application Data\Leadertech
[2010/07/14 23:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/07/14 23:23:53 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/07/14 23:23:53 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/07/14 07:51:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

========== Files - Modified Within 30 Days ==========

[2010/07/29 21:12:06 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
[2010/07/29 01:12:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
[2010/07/26 22:18:22 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Francisco Lee\NTUSER.DAT
[2010/07/25 18:32:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 18:31:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/25 18:30:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 18:30:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 18:28:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Francisco Lee\ntuser.ini
[2010/07/25 18:28:18 | 008,592,662 | -H-- | M] () -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\IconCache.db
[2010/07/24 11:49:59 | 000,054,632 | ---- | M] () -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/24 11:34:23 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 11:34:22 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 11:34:22 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 11:34:22 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 11:34:22 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/22 10:59:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 20:44:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 14:27:48 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 23:04:23 | 000,146,083 | ---- | M] () -- C:\Documents and Settings\Francisco Lee\Desktop\Video call snapshot 5.png
[2010/07/15 22:46:31 | 000,042,334 | ---- | M] () -- C:\Documents and Settings\Francisco Lee\Desktop\Video call snapshot 4.png
[2010/07/15 01:29:30 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/15 01:22:22 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/15 00:37:47 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/15 00:26:27 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/08 16:04:24 | 000,067,421 | ---- | M] () -- C:\Documents and Settings\Francisco Lee\My Documents\Art_Me_Lavar.jpg
[2010/06/30 23:54:47 | 000,444,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/30 23:54:47 | 000,072,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/30 23:54:46 | 000,523,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/07/22 10:59:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/15 23:03:07 | 000,146,083 | ---- | C] () -- C:\Documents and Settings\Francisco Lee\Desktop\Video call snapshot 5.png
[2010/07/15 22:46:22 | 000,042,334 | ---- | C] () -- C:\Documents and Settings\Francisco Lee\Desktop\Video call snapshot 4.png
[2010/07/15 18:25:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 01:29:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/15 01:22:22 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/15 01:07:50 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
[2010/07/15 01:07:49 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
[2010/07/15 00:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/15 00:28:19 | 000,013,398 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/07/15 00:28:18 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/15 00:26:27 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/08 16:04:20 | 000,067,421 | ---- | C] () -- C:\Documents and Settings\Francisco Lee\My Documents\Art_Me_Lavar.jpg
[2010/03/09 20:51:06 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/25 01:52:20 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2008/10/25 01:52:20 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2008/10/25 01:52:20 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2008/10/25 01:52:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/10/07 12:04:50 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ebraryRdr.ini
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/30 16:40:00 | 000,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/24 02:23:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/25 21:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/13 14:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Fri Jul 30, 2010 2:10 am

OTL Extras logfile created on: 7/29/2010 9:52:34 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Francisco Lee\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.96 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCISC-ED200B
Current User Name: Francisco Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Francisco Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.50 (OEM A)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"3DGroove" = OTOY
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_006A103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"ESET Online Scanner" = ESET Online Scanner v3
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSN Music Assistant" = MSN Music Assistant
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PeerGuardian_is1" = PeerGuardian 2.0
"QcDrv" = Logitech® Camera Driver
"RealAlt_is1" = Real Alternative 1.8.0 Lite
"RealPlayer 6.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2010 12:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 1:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 2:12:06 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 3:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 4:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 5:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 6:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 7:12:10 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 8:12:07 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

Error - 7/29/2010 9:12:05 PM | Computer Name = FRANCISC-ED200B | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/25/2010 4:13:11 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/25/2010 4:13:11 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/25/2010 4:13:11 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Avira\AntiVir
Desktop\shlext.dll. Reference error message: The operation completed successfully.
.

Error - 7/25/2010 6:30:58 PM | Computer Name = FRANCISC-ED200B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/25/2010 6:30:58 PM | Computer Name = FRANCISC-ED200B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/25/2010 6:31:43 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/25/2010 6:31:43 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/25/2010 6:31:43 PM | Computer Name = FRANCISC-ED200B | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Avira\AntiVir
Desktop\avgnt.exe. Reference error message: The operation completed successfully.
.

Error - 7/25/2010 6:32:36 PM | Computer Name = FRANCISC-ED200B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 7/29/2010 12:46:43 PM | Computer Name = FRANCISC-ED200B | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Fri Jul 30, 2010 9:26 pm

Hmm, still nothing, guess we need to go deeper.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sat Jul 31, 2010 2:18 am

FYI: I thought I had removed the program AntiVir, but apparently not. I hope that didn't affect the outcome of the Combo-Fix

ComboFix 10-07-30.01 - Francisco Lee 07/30/2010 21:51:23.6.2 - x86
Running from: c:\documents and settings\Francisco Lee\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 01:26 . 2010-07-31 01:26 -------- d-----w- C:\found.004
2010-07-24 15:49 . 2010-07-24 15:49 54632 ----a-w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 15:35 . 2010-07-24 15:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 15:23 . 2010-07-24 15:23 -------- d-----w- C:\found.003
2010-07-23 14:10 . 2010-07-23 14:10 -------- d-----w- C:\found.002
2010-07-23 04:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-23 04:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-23 04:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-23 04:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\program files\Avira
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-22 18:09 . 2010-07-22 18:09 -------- d-----w- C:\found.001
2010-07-22 14:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 14:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 14:58 . 2010-07-22 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 00:45 . 2010-07-22 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-22 00:29 . 2010-07-22 00:29 -------- d-----w- C:\found.000
2010-07-20 23:16 . 2010-07-20 23:16 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\80549D4BAC8408491A18543EEB42DDBD
2010-07-16 21:20 . 2010-07-16 21:20 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity
2010-07-16 07:00 . 2010-07-16 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-07-15 05:39 . 2010-07-15 05:41 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\ooVoo Details
2010-07-15 05:29 . 2010-07-15 05:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-15 05:29 . 2010-07-31 00:46 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\skypePM
2010-07-15 05:24 . 2010-07-31 01:45 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Skype
2010-07-15 05:22 . 2010-07-15 05:22 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 05:22 . 2010-07-15 05:23 -------- d-----r- c:\program files\Skype
2010-07-15 05:21 . 2010-07-15 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Temp
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google
2010-07-15 04:50 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 04:50 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-15 04:49 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-15 04:49 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-15 04:48 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 04:48 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 04:28 . 2007-02-03 14:32 1939360 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-15 04:28 . 2007-02-03 14:29 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-15 04:28 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-07-15 04:28 . 2007-02-03 14:32 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-15 04:28 . 2007-02-03 14:32 215840 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-15 04:28 . 2007-02-03 14:30 1507232 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-15 04:28 . 2007-02-03 13:01 13398 ----a-w- c:\windows\system32\Repository.reg
2010-07-15 04:28 . 2007-02-03 14:33 22560 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-15 04:28 . 2007-02-03 14:32 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-15 04:28 . 2007-02-03 14:29 129824 ----a-w- c:\windows\system32\lvci1051.dll
2010-07-15 04:26 . 2010-07-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-15 04:26 . 2010-07-15 04:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-15 04:21 . 2010-07-15 04:26 -------- d-----w- c:\program files\Logitech
2010-07-15 03:46 . 2010-07-15 03:46 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\LogiShrd
2010-07-15 03:45 . 2010-07-15 03:45 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Leadertech
2010-07-15 03:41 . 2010-07-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-15 03:23 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-15 03:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-14 11:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 02:05 . 2009-03-23 16:38 117760 ----a-w- c:\documents and settings\Francisco Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 22:31 . 2010-07-15 04:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-22 15:00 . 2009-03-07 03:22 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Malwarebytes
2010-07-22 00:44 . 2007-03-29 06:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 18:07 . 2010-03-09 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 18:06 . 2010-03-09 04:10 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 04:30 . 2010-07-15 04:30 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-15 04:27 . 2006-06-05 19:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-14 14:31 . 2006-06-05 18:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-11 08:46 . 2008-08-18 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-24 05:41 . 2010-05-24 05:41 503808 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcp71.dll
2010-05-24 05:41 . 2010-05-24 05:41 499712 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\jmc.dll
2010-05-24 05:41 . 2010-05-24 05:41 348160 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcr71.dll
2010-05-24 05:41 . 2010-05-24 05:41 61440 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-sse.dll
2010-05-24 05:41 . 2010-05-24 05:41 12800 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-11-27 . 63999D0ABD8DABFD76A9C07F6E104868 . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-12 3067904]
"nwiz"="nwiz.exe" [2004-03-12 753664]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Francisco Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 8:23 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 8:23 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 8:23 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100729.001\IDSXpx86.sys [7/30/2010 7:34 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 8:22 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 11:42 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2010 7:35 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S0 fyopctqy;fyopctqy;c:\windows\system32\drivers\yujetiyq.sys --> c:\windows\system32\drivers\yujetiyq.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/23/2010 12:55 AM 135336]
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/12/2010 9:01 PM 14424]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/30/2007 4:40 PM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\documents and settings\All Users\Start Menu\Programs\absoƖute Poker\absoƖute Poker.lnk
FF - ProfilePath - c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-30 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system.ini 227 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(668)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\bcmntray.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-07-30 22:13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 02:13

Pre-Run: 12,789,178,368 bytes free
Post-Run: 12,818,198,528 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 09A616CB9E7C7F133CA58B261B57B0B2

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Sat Jul 31, 2010 11:19 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Driver::
    fyopctqy

    FCopy::
     c:\windows\ServicePackFiles\i386\termsrv.dll | c:\windows\system32\termsrv.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sun Aug 01, 2010 12:08 am

ComboFix 10-07-30.01 - Francisco Lee 07/31/2010 19:44:58.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -4:00]
Running from: c:\documents and settings\Francisco Lee\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Francisco Lee\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fyopctqy


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 01:26 . 2010-07-31 01:26 -------- d-----w- C:\found.004
2010-07-24 15:49 . 2010-07-24 15:49 54632 ----a-w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 15:35 . 2010-07-24 15:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 15:23 . 2010-07-24 15:23 -------- d-----w- C:\found.003
2010-07-23 14:10 . 2010-07-23 14:10 -------- d-----w- C:\found.002
2010-07-23 04:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-23 04:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-23 04:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-23 04:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\program files\Avira
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-22 18:09 . 2010-07-22 18:09 -------- d-----w- C:\found.001
2010-07-22 14:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 14:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 14:58 . 2010-07-22 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 00:45 . 2010-07-22 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-22 00:29 . 2010-07-22 00:29 -------- d-----w- C:\found.000
2010-07-20 23:16 . 2010-07-20 23:16 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\80549D4BAC8408491A18543EEB42DDBD
2010-07-16 21:20 . 2010-07-16 21:20 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity
2010-07-16 07:00 . 2010-07-16 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-07-15 05:39 . 2010-07-15 05:41 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\ooVoo Details
2010-07-15 05:29 . 2010-07-15 05:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-15 05:29 . 2010-07-31 00:46 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\skypePM
2010-07-15 05:24 . 2010-07-31 02:11 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Skype
2010-07-15 05:22 . 2010-07-15 05:22 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 05:22 . 2010-07-15 05:23 -------- d-----r- c:\program files\Skype
2010-07-15 05:21 . 2010-07-15 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Temp
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google
2010-07-15 04:50 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 04:50 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-15 04:49 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-15 04:49 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-15 04:48 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 04:48 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 04:28 . 2007-02-03 14:32 1939360 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-15 04:28 . 2007-02-03 14:29 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-15 04:28 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-07-15 04:28 . 2007-02-03 14:32 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-15 04:28 . 2007-02-03 14:32 215840 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-15 04:28 . 2007-02-03 14:30 1507232 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-15 04:28 . 2007-02-03 13:01 13398 ----a-w- c:\windows\system32\Repository.reg
2010-07-15 04:28 . 2007-02-03 14:33 22560 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-15 04:28 . 2007-02-03 14:32 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-15 04:28 . 2007-02-03 14:29 129824 ----a-w- c:\windows\system32\lvci1051.dll
2010-07-15 04:26 . 2010-07-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-15 04:26 . 2010-07-15 04:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-15 04:21 . 2010-07-15 04:26 -------- d-----w- c:\program files\Logitech
2010-07-15 03:46 . 2010-07-15 03:46 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\LogiShrd
2010-07-15 03:45 . 2010-07-15 03:45 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Leadertech
2010-07-15 03:41 . 2010-07-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-15 03:23 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-15 03:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-14 11:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 23:57 . 2009-03-23 16:38 117760 ----a-w- c:\documents and settings\Francisco Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 22:31 . 2010-07-15 04:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-22 15:00 . 2009-03-07 03:22 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Malwarebytes
2010-07-22 00:44 . 2007-03-29 06:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 18:07 . 2010-03-09 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 18:06 . 2010-03-09 04:10 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 04:30 . 2010-07-15 04:30 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-15 04:27 . 2006-06-05 19:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-14 14:31 . 2006-06-05 18:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-11 08:46 . 2008-08-18 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-24 05:41 . 2010-05-24 05:41 503808 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcp71.dll
2010-05-24 05:41 . 2010-05-24 05:41 499712 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\jmc.dll
2010-05-24 05:41 . 2010-05-24 05:41 348160 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcr71.dll
2010-05-24 05:41 . 2010-05-24 05:41 61440 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-sse.dll
2010-05-24 05:41 . 2010-05-24 05:41 12800 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-12 3067904]
"nwiz"="nwiz.exe" [2004-03-12 753664]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Francisco Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/30/2007 4:40 PM 646392]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 8:23 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 8:23 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 8:23 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100730.001\IDSXpx86.sys [7/31/2010 7:39 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 8:22 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 11:42 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2010 7:35 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/23/2010 12:55 AM 135336]
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/12/2010 9:01 PM 14424]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\documents and settings\All Users\Start Menu\Programs\absoƖute Poker\absoƖute Poker.lnk
FF - ProfilePath - c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-31 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8737F7B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf789af28
\Driver\ACPI -> ACPI.sys @ 0xf76fbcb8
\Driver\atapi -> atapi.sys @ 0xf7672b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf752cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf751ba0d
SendHandler -> NDIS.sys @ 0xf752fb40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\bcmntray.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-07-31 20:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 00:04
ComboFix2.txt 2010-07-31 02:13

Pre-Run: 12,806,123,520 bytes free
Post-Run: 12,790,206,464 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FD21E53BB1EF5667B5A00897E4AC8B8C

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Sun Aug 01, 2010 12:18 am

Hello.
Another infection has snuck in.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sun Aug 01, 2010 12:32 am

I get an Error Message when I run "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

Valid command line parameters
-| (path to log file)
-qpath (path to quarantine file)
-qall (copy all objects to quarantine)
-qsus (copy all suspicious objects to quarantine)
-qmbr (copy all mbr to quarantine)

Am I doing something wrong?

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Sun Aug 01, 2010 5:18 pm

Nevermind, use this version of TDSSKiller instead.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sun Aug 01, 2010 6:25 pm

2010/08/01 14:21:30.0270 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/01 14:21:30.0270 ================================================================================
2010/08/01 14:21:30.0270 SystemInfo:
2010/08/01 14:21:30.0270
2010/08/01 14:21:30.0270 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/01 14:21:30.0270 Product type: Workstation
2010/08/01 14:21:30.0270 ComputerName: FRANCISC-ED200B
2010/08/01 14:21:30.0270 UserName: Francisco Lee
2010/08/01 14:21:30.0270 Windows directory: C:\WINDOWS
2010/08/01 14:21:30.0270 System windows directory: C:\WINDOWS
2010/08/01 14:21:30.0270 Processor architecture: Intel x86
2010/08/01 14:21:30.0270 Number of processors: 2
2010/08/01 14:21:30.0270 Page size: 0x1000
2010/08/01 14:21:30.0270 Boot type: Normal boot
2010/08/01 14:21:30.0270 ================================================================================
2010/08/01 14:22:05.0989 Initialize success
2010/08/01 14:22:22.0614 ================================================================================
2010/08/01 14:22:22.0614 Scan started
2010/08/01 14:22:22.0614 Mode: Manual;
2010/08/01 14:22:22.0614 ================================================================================
2010/08/01 14:22:25.0974 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/01 14:22:26.0474 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/01 14:22:28.0364 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/01 14:22:30.0099 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/01 14:22:30.0864 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/01 14:22:30.0911 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/01 14:22:31.0599 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/01 14:22:31.0849 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/01 14:22:32.0036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/01 14:22:32.0177 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/01 14:22:32.0520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/01 14:22:33.0177 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/08/01 14:22:33.0630 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/01 14:22:34.0333 BCM43XX (c1813dfc127ab556f31b2dfc5517c4c7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/01 14:22:34.0489 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/01 14:22:35.0270 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2010/08/01 14:22:36.0067 CAMCAUD (5a94e9d6e2716e38183959d8f4c2a5a9) C:\WINDOWS\system32\drivers\camcaud.sys
2010/08/01 14:22:36.0833 CAMCHALA (e7e737bc125d6beb50669ff4b61ced19) C:\WINDOWS\system32\drivers\camchal.sys
2010/08/01 14:22:37.0067 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/01 14:22:37.0333 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/01 14:22:37.0880 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2010/08/01 14:22:38.0786 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/01 14:22:39.0661 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/01 14:22:40.0005 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/08/01 14:22:40.0239 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/08/01 14:22:40.0458 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/01 14:22:40.0599 cdudf_xp (a19f8c660426e02aa99af1ed3d0dcb1c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/08/01 14:22:40.0724 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/01 14:22:40.0927 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/01 14:22:41.0270 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/01 14:22:41.0552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/01 14:22:41.0677 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/01 14:22:41.0708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/01 14:22:41.0739 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/01 14:22:41.0802 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/01 14:22:41.0849 dvd_2K (943873bf94e372b78ab0b0631069ac2b) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/08/01 14:22:42.0192 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/01 14:22:42.0630 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/01 14:22:42.0958 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/01 14:22:43.0161 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/01 14:22:43.0567 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/08/01 14:22:44.0177 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/01 14:22:44.0708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/01 14:22:45.0083 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/01 14:22:45.0208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/01 14:22:45.0302 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/01 14:22:45.0692 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/01 14:22:45.0927 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/01 14:22:46.0020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/01 14:22:46.0083 HSFHWICH (2d9f10d6e7baa20c4526ce6a16444581) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/08/01 14:22:46.0161 HSF_DP (2d566a7f0b4c54b417ac637cb608444b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/01 14:22:46.0349 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/01 14:22:46.0442 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/01 14:22:46.0692 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100730.001\IDSxpx86.sys
2010/08/01 14:22:46.0770 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/01 14:22:46.0895 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/01 14:22:46.0911 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/01 14:22:46.0989 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/01 14:22:47.0052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/01 14:22:47.0130 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/01 14:22:47.0177 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/01 14:22:47.0224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/01 14:22:47.0411 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/08/01 14:22:47.0536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/01 14:22:47.0630 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/01 14:22:47.0661 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/01 14:22:47.0724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/01 14:22:47.0770 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/08/01 14:22:47.0817 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/01 14:22:47.0895 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/01 14:22:48.0052 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2010/08/01 14:22:48.0255 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2010/08/01 14:22:48.0489 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/08/01 14:22:48.0599 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/08/01 14:22:48.0677 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/08/01 14:22:48.0911 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/01 14:22:49.0005 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/08/01 14:22:49.0067 mmc_2K (18032034b88c7f9e9068df91ab3ae968) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/08/01 14:22:49.0130 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/01 14:22:49.0192 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/01 14:22:49.0239 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/01 14:22:49.0395 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/01 14:22:49.0505 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/01 14:22:49.0552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/01 14:22:49.0599 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/01 14:22:49.0630 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/01 14:22:49.0661 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/01 14:22:49.0708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/01 14:22:49.0755 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/01 14:22:49.0786 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/01 14:22:49.0833 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/01 14:22:49.0880 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/01 14:22:49.0942 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/01 14:22:50.0286 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100731.002\NAVENG.SYS
2010/08/01 14:22:50.0630 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100731.002\NAVEX15.SYS
2010/08/01 14:22:50.0770 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/01 14:22:50.0817 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/01 14:22:50.0880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/01 14:22:50.0911 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/01 14:22:50.0958 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/01 14:22:50.0989 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/01 14:22:51.0036 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/01 14:22:51.0067 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/01 14:22:51.0130 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/01 14:22:51.0161 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/01 14:22:51.0177 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2010/08/01 14:22:51.0239 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2010/08/01 14:22:51.0458 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/01 14:22:51.0489 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/01 14:22:51.0630 nv (06500516671f54f74672d99a6b26950d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/01 14:22:51.0786 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/01 14:22:51.0849 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/01 14:22:51.0895 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/01 14:22:51.0958 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/01 14:22:52.0005 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/01 14:22:52.0067 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/01 14:22:52.0177 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\Program Files\PeerBlock\pbfilter.sys
2010/08/01 14:22:52.0552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/01 14:22:52.0599 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/01 14:22:52.0630 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/01 14:22:52.0786 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys
2010/08/01 14:22:52.0864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/01 14:22:52.0927 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/01 14:22:52.0989 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/01 14:22:53.0052 pwd_2k (4f1948a73db89ee4b34feeedd6745ee1) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/08/01 14:22:53.0099 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/01 14:22:53.0208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/01 14:22:53.0317 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/01 14:22:53.0520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/01 14:22:53.0583 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/01 14:22:53.0630 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/01 14:22:53.0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/01 14:22:53.0724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/01 14:22:53.0802 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/01 14:22:53.0864 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/01 14:22:53.0911 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/01 14:22:53.0989 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/01 14:22:54.0114 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/01 14:22:54.0208 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/08/01 14:22:54.0286 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/08/01 14:22:54.0489 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/01 14:22:54.0567 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/01 14:22:54.0614 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/01 14:22:54.0692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/01 14:22:54.0739 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/01 14:22:54.0817 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/01 14:22:54.0817 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
2010/08/01 14:22:54.0817 sptd - detected Locked file (1)
2010/08/01 14:22:54.0911 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/01 14:22:55.0020 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/08/01 14:22:55.0114 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2010/08/01 14:22:55.0224 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/01 14:22:55.0286 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/01 14:22:55.0380 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2010/08/01 14:22:55.0458 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/01 14:22:55.0567 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/01 14:22:55.0599 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/01 14:22:55.0724 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2010/08/01 14:22:56.0052 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/01 14:22:56.0286 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2010/08/01 14:22:56.0395 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2010/08/01 14:22:56.0505 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/01 14:22:56.0536 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/01 14:22:56.0614 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2010/08/01 14:22:56.0677 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2010/08/01 14:22:56.0802 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/01 14:22:56.0880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/01 14:22:56.0911 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/01 14:22:56.0974 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/01 14:22:57.0020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/01 14:22:57.0130 UdfReadr_xp (37148e648e0f3a6694040fd9f80941b7) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/08/01 14:22:57.0208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/01 14:22:57.0380 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/01 14:22:57.0520 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/01 14:22:57.0630 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/01 14:22:57.0692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/01 14:22:57.0755 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/01 14:22:57.0786 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/01 14:22:57.0833 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/01 14:22:57.0880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/01 14:22:57.0942 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/01 14:22:58.0005 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/01 14:22:58.0083 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/01 14:22:58.0114 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/01 14:22:58.0177 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/01 14:22:58.0349 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/01 14:22:58.0677 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/01 14:22:58.0724 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/01 14:22:58.0770 ================================================================================
2010/08/01 14:22:58.0770 Scan finished
2010/08/01 14:22:58.0770 ================================================================================
2010/08/01 14:22:58.0786 Detected object count: 1
2010/08/01 14:23:15.0677 Locked file(sptd) - User select action: Skip
2010/08/01 14:23:25.0958 ================================================================================
2010/08/01 14:23:25.0958 Scan started
2010/08/01 14:23:25.0958 Mode: Manual;
2010/08/01 14:23:25.0958 ================================================================================
2010/08/01 14:23:26.0567 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/01 14:23:26.0599 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/01 14:23:26.0645 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/01 14:23:26.0692 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/01 14:23:26.0724 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/01 14:23:26.0755 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/01 14:23:26.0833 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/01 14:23:26.0911 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/01 14:23:26.0989 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/01 14:23:27.0020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/01 14:23:27.0067 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/01 14:23:27.0208 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/08/01 14:23:27.0255 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/01 14:23:27.0349 BCM43XX (c1813dfc127ab556f31b2dfc5517c4c7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/01 14:23:27.0474 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/01 14:23:27.0583 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2010/08/01 14:23:27.0645 CAMCAUD (5a94e9d6e2716e38183959d8f4c2a5a9) C:\WINDOWS\system32\drivers\camcaud.sys
2010/08/01 14:23:27.0708 CAMCHALA (e7e737bc125d6beb50669ff4b61ced19) C:\WINDOWS\system32\drivers\camchal.sys
2010/08/01 14:23:27.0755 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/01 14:23:27.0802 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/01 14:23:27.0849 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2010/08/01 14:23:27.0942 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/01 14:23:27.0989 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/01 14:23:28.0020 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/08/01 14:23:28.0036 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/08/01 14:23:28.0083 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/01 14:23:28.0114 cdudf_xp (a19f8c660426e02aa99af1ed3d0dcb1c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/08/01 14:23:28.0161 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/01 14:23:28.0192 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/01 14:23:28.0270 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/01 14:23:28.0333 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/01 14:23:28.0395 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/01 14:23:28.0411 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/01 14:23:28.0505 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/01 14:23:28.0536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/01 14:23:28.0567 dvd_2K (943873bf94e372b78ab0b0631069ac2b) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/08/01 14:23:28.0677 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/01 14:23:28.0724 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/01 14:23:28.0755 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/01 14:23:28.0786 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/01 14:23:28.0802 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/08/01 14:23:28.0833 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/01 14:23:28.0880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/01 14:23:28.0942 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/01 14:23:29.0005 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/01 14:23:29.0036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/01 14:23:29.0083 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/01 14:23:29.0114 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/01 14:23:29.0130 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/01 14:23:29.0192 HSFHWICH (2d9f10d6e7baa20c4526ce6a16444581) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/08/01 14:23:29.0270 HSF_DP (2d566a7f0b4c54b417ac637cb608444b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/01 14:23:29.0380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/01 14:23:29.0489 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/01 14:23:29.0692 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100730.001\IDSxpx86.sys
2010/08/01 14:23:29.0708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/01 14:23:29.0755 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/01 14:23:29.0770 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/01 14:23:29.0817 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/01 14:23:29.0895 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/01 14:23:29.0927 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/01 14:23:29.0989 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/01 14:23:30.0036 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/01 14:23:30.0052 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/08/01 14:23:30.0083 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/01 14:23:30.0114 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/01 14:23:30.0130 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/01 14:23:30.0145 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/01 14:23:30.0192 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/08/01 14:23:30.0239 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/01 14:23:30.0270 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/01 14:23:30.0395 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2010/08/01 14:23:30.0583 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2010/08/01 14:23:30.0692 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/08/01 14:23:30.0817 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/08/01 14:23:31.0067 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/08/01 14:23:31.0177 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/01 14:23:31.0224 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/08/01 14:23:31.0364 mmc_2K (18032034b88c7f9e9068df91ab3ae968) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/08/01 14:23:31.0474 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/01 14:23:31.0708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/01 14:23:31.0786 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/01 14:23:32.0020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/01 14:23:32.0036 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/01 14:23:32.0067 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/01 14:23:32.0114 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/01 14:23:32.0145 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/01 14:23:32.0177 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/01 14:23:32.0208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/01 14:23:32.0239 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/01 14:23:32.0302 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/01 14:23:32.0380 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/01 14:23:32.0411 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/01 14:23:32.0458 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/01 14:23:32.0583 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100731.002\NAVENG.SYS
2010/08/01 14:23:32.0677 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100731.002\NAVEX15.SYS
2010/08/01 14:23:32.0755 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/01 14:23:32.0786 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/01 14:23:32.0864 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/01 14:23:32.0895 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/01 14:23:32.0911 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/01 14:23:32.0958 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/01 14:23:33.0020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/01 14:23:33.0083 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/01 14:23:33.0114 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/01 14:23:33.0145 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/01 14:23:33.0161 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2010/08/01 14:23:33.0208 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2010/08/01 14:23:33.0317 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/01 14:23:33.0380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/01 14:23:33.0489 nv (06500516671f54f74672d99a6b26950d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/01 14:23:33.0567 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/01 14:23:33.0599 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/01 14:23:33.0661 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/01 14:23:33.0708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/01 14:23:33.0770 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/01 14:23:33.0786 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/01 14:23:33.0880 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\Program Files\PeerBlock\pbfilter.sys
2010/08/01 14:23:33.0911 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/01 14:23:33.0989 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/01 14:23:34.0052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/01 14:23:34.0224 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys
2010/08/01 14:23:34.0270 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/01 14:23:34.0349 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/01 14:23:34.0380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/01 14:23:34.0427 pwd_2k (4f1948a73db89ee4b34feeedd6745ee1) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/08/01 14:23:34.0458 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/01 14:23:34.0536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/01 14:23:34.0599 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/01 14:23:34.0614 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/01 14:23:34.0645 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/01 14:23:34.0708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/01 14:23:34.0755 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/01 14:23:34.0786 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/01 14:23:34.0833 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/01 14:23:34.0880 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/01 14:23:34.0911 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/01 14:23:34.0958 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/01 14:23:35.0083 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/01 14:23:35.0114 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/08/01 14:23:35.0161 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/08/01 14:23:35.0270 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/01 14:23:35.0317 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/01 14:23:35.0349 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/01 14:23:35.0411 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/01 14:23:35.0442 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/01 14:23:35.0505 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/01 14:23:35.0505 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
2010/08/01 14:23:35.0505 sptd - detected Locked file (1)
2010/08/01 14:23:35.0583 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/01 14:23:35.0677 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/08/01 14:23:35.0755 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2010/08/01 14:23:35.0833 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/01 14:23:35.0864 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/01 14:23:35.0911 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2010/08/01 14:23:35.0974 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/01 14:23:36.0020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/01 14:23:36.0036 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/01 14:23:36.0114 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2010/08/01 14:23:36.0224 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/01 14:23:36.0317 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2010/08/01 14:23:36.0380 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2010/08/01 14:23:36.0411 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/01 14:23:36.0427 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/01 14:23:36.0442 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2010/08/01 14:23:36.0489 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2010/08/01 14:23:36.0536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/01 14:23:36.0614 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/01 14:23:36.0802 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/01 14:23:36.0864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/01 14:23:37.0005 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/01 14:23:37.0099 UdfReadr_xp (37148e648e0f3a6694040fd9f80941b7) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/08/01 14:23:37.0114 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/01 14:23:37.0192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/01 14:23:37.0239 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/01 14:23:37.0317 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/01 14:23:37.0349 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/01 14:23:37.0364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/01 14:23:37.0411 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/01 14:23:37.0458 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/01 14:23:37.0536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/01 14:23:37.0567 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/01 14:23:37.0614 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/01 14:23:37.0645 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/01 14:23:37.0677 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/01 14:23:37.0724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/01 14:23:37.0786 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/01 14:23:37.0849 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/01 14:23:37.0895 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/01 14:23:37.0911 ================================================================================
2010/08/01 14:23:37.0911 Scan finished
2010/08/01 14:23:37.0911 ================================================================================
2010/08/01 14:23:37.0927 Detected object count: 1
2010/08/01 14:23:44.0661 Locked file(sptd) - User select action: Skip


vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Sun Aug 01, 2010 8:25 pm

Hmm.

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sun Aug 01, 2010 11:01 pm

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Tue Aug 03, 2010 6:13 pm

BUMP

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Wed Aug 04, 2010 12:46 am

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Fri Aug 06, 2010 12:48 am

My Norton Antivirus alerted me two days ago that I now have Backdoor.Tidserv!inf in my computer. Please Help!

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Fri Aug 06, 2010 7:49 pm

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sat Aug 07, 2010 9:10 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAlertResumeThread, Type: Address change 0x80637AD6-->86F5E220 [Unknown module filename]
ntoskrnl.exe-->NtAlertThread, Type: Address change 0x8058395D-->86F51150 [Unknown module filename]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80570BC5-->86DB5E78 [Unknown module filename]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805E8E34-->86DF57D8 [Unknown module filename]
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x80584D73-->87090FB0 [Unknown module filename]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->F7E133BE [Unknown module filename]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80582EA8-->86D00788 [Unknown module filename]
ntoskrnl.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805E78DA-->86D3D008 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x805959DF-->F7E133B4 [Unknown module filename]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x80662889-->86DE3340 [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80599783-->F7E133C3 [Unknown module filename]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x805983A2-->F7E133CD [Unknown module filename]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057EDE5-->86DB6478 [Unknown module filename]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->F772CA92 [sptd.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80594DB6-->F772CE20 [sptd.sys]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x805710BF-->86D46C70 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateAnonymousToken, Type: Address change 0x8059EA22-->86F0EE08 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateThread, Type: Address change 0x8058D42E-->86F5F450 [Unknown module filename]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805AEDE2-->86FD0A70 [Unknown module filename]
ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805D45C5-->F7E133D2 [Unknown module filename]
ntoskrnl.exe-->NtMapViewOfSection, Type: Address change 0x8057A879-->86D46808 [Unknown module filename]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8058E7F1-->872EB3E8 [Unknown module filename]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F7727090 [sptd.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057F592-->F7E133A0 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcessToken, Type: Address change 0x80578148-->86EE0158 [Unknown module filename]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x80578DEE-->86E017D8 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80584849-->F7E133A5 [Unknown module filename]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x8057F1C3-->86E9E050 [Unknown module filename]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057E85A-->F772CEF8 [sptd.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->F772CD78 [sptd.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x806567FE-->F7E133DC [Unknown module filename]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x80656395-->F7E133D7 [Unknown module filename]
ntoskrnl.exe-->NtResumeThread, Type: Address change 0x80596056-->86F11070 [Unknown module filename]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x80635C83-->86FEDE20 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationProcess, Type: Address change 0x80574B1F-->86DF0C20 [Unknown module filename]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805B0A14-->86E76E08 [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057FCE0-->F7E133C8 [Unknown module filename]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x80637A1B-->86F96B30 [Unknown module filename]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x80637937-->86F7AB78 [Unknown module filename]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x80593435-->F54F7F20 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8059560C-->86EE84A0 [Unknown module filename]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Address change 0x8057A401-->87060038 [Unknown module filename]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8058D363-->86E86FC0 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F556E-->86E86E08 [Unknown module filename]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF83C845-->86FBA638 [Unknown module filename]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8A0C8F-->87011AF8 [Unknown module filename]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C763-->86DE5C70 [Unknown module filename]
win32k.sys-->NtUserGetRawInputData, Type: Address change 0xBF916210-->871A8120 [Unknown module filename]
win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EE8D-->8719FA00 [Unknown module filename]
win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808306-->86F158D8 [Unknown module filename]
win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF8B9E23-->87193258 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8A0D4F-->86DC0A00 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F98FA-->86D81DA0 [Unknown module filename]
==============================================
>Processes
==============================================
0x873C4490 [4] System
0x86D90BA0 [236] C:\WINDOWS\system32\WLTRYSVC.EXE
0x85F8E020 [252] C:\WINDOWS\system32\BCMWLTRY.EXE (Broadcom Corporation, Broadcom 802.11 Network Adapter Wireless Network Controller)
0x86D64570 [392] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x86A2F728 [528] C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc., Camera Control Interface)
0x85EE7DA0 [536] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86D7F368 [564] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F88988 [620] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x85F5D728 [700] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation, Automatic LiveUpdate Scheduler Service)
0x86FC6500 [736] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x86FC5288 [772] C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation, Media Center Receiver Service)
0x85E9C998 [824] C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation, ViewMgr)
0x85EE7B20 [940] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F3B900 [1028] C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation, Media Center Scheduler Service)
0x86A66528 [1108] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x871551E8 [1180] C:\Program Files\Java\jre6\bin\jqs.exe (Oracle, Java(TM) Quick Starter Service)
0x862EADA0 [1252] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8695DDA0 [1276] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85F2F428 [1300] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation, LiveUpdate Notice Service)
0x86A43950 [1324] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x862FEB78 [1336] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x85FDD728 [1532] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85FAEB78 [1600] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F80020 [1640] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F2A020 [1684] C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation, MCRD Device Service)
0x857C1950 [1748] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85F99B78 [1828] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86D37DA0 [1856] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85EE72D8 [1948] C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x85EE8728 [1988] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 54.05)
0x85E8EDA0 [2100] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
0x8569F9F0 [2308] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc., LVCom Server)
0x85745DA0 [2772] C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x8575EDA0 [2872] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x857405B8 [2924] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc., Roxio AudioCentral Media Manager Tray App)
0x85E745B8 [2932] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation, LiveUpdate Notice Service)
0x857D3020 [2964] C:\WINDOWS\system32\bcmntray.EXE (Broadcom Corporation, Broadcom 802.11 Network Adapter Wireless Network Tray Applet)
0x85746470 [3020] C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x857E7A18 [3096] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x857E2DA0 [3132] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x85E5D950 [3196] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper Module)
0x85E6C950 [3248] C:\Program Files\Winamp\winampa.exe
0x85E62B28 [3308] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc., Communications Manager)
0x85721728 [3412] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x86F52DA0 [3416] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (-, -)
0x85E3EDA0 [3452] C:\Program Files\AIM6\aolsoftware.exe (AOL LLC, AOL)
0x85E39DA0 [3660] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd., Virtual DAEMON Manager)
0x856A7950 [3800] C:\Program Files\AIM6\aim6.exe (AOL LLC, AIM)
0x8569DDA0 [3832] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x8569B508 [3940] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x85FAB740 [4008] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc., Roxio AudioCentral Media Manager Playlist)
0x85221290 [4136] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x856B2738 [4464] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x85E68020 [4772] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x857DC020 [4872] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x85D48DA0 [5916] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x85F33DA0 [6020] C:\Documents and Settings\Francisco Lee\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\V7hwsrksA15.exe (UG North, RKULE, SR2 Normandy)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3772416 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 54.05 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xF5004000 C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 1957888 bytes (Logitech Inc., Logitech Machine Vision Engine Loader)
0xF4E2C000 C:\WINDOWS\system32\DRIVERS\lvuvc.sys 1933312 bytes (Logitech Inc., Logitech USB Video Class Driver)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF4B21000 C:\WINDOWS\system32\DRIVERS\LVcKap.sys 1687552 bytes (-, -)
0xF6CFA000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1552384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 54.05 )
0xF4CBD000 C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 1503232 bytes (Logitech Inc., Logitech AudioProcessing Filter Driver)
0xEFD3C000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0xF69BD000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1110016 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7726000 PCI_NTPNP4560 892928 bytes
0xF7726000 sptd.sys 892928 bytes
0xF6BF9000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 823296 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF6924000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 626688 bytes (Conexant Systems, Inc., WinACHSF driver)
0xF752F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF52E6000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xF5454000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF53F6000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF67B3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5643000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1D1A000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF555A000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)
0xF08AE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0xF75D3000 SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xF68DA000 C:\WINDOWS\System32\Drivers\attw2n3g.SYS 303104 bytes
0xF6B19000 C:\WINDOWS\system32\drivers\camcaud.sys 294912 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF6B61000 C:\WINDOWS\system32\drivers\camchal.sys 278528 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xF52A4000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0xF1E61000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF572E000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 249856 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xF560F000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0xF56E9000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF6839000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF76E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF28C7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7502000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEFBBD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF54C4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6ACC000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 167936 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF5532000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF766C000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF55E9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF55C4000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xF6AF5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6CC2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6BC2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5510000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5282000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF54EF000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7634000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7692000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF76B1000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF53D9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF6BA5000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF74E8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7654000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF4ABE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF770E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF75BC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF687A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF2BC4000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF2C52000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF55AF000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xF1FC2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEFD28000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF6BE5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6CE6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF569C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7622000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF76CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6869000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79A1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A01000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF79D1000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7821000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7911000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A31000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A11000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2914000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7991000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF6EC5000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7831000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7881000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79E1000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A91000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7861000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6F05000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78A1000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7941000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF79F1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7851000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF78C1000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7841000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6ED5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7891000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7931000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF6EE5000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7871000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7961000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xF6EF5000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7921000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF169A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7901000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BE1000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B81000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7AF1000 C:\WINDOWS\system32\DRIVERS\strmdisp.sys 32768 bytes (Conexant Systems, Inc., Conexant Stream Dispatcher)
0xF7B09000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xF7B89000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xF7C11000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7BB1000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B69000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7BD1000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF7AA1000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B91000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
0xF7BC1000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B11000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF7BC9000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7BB9000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF7BA1000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7B99000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7BA9000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B71000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BD9000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20480 bytes (GEAR Software Inc., CD DVD Filter)
0xF7B79000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AA9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7AF9000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7AD9000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7B01000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7C01000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 20480 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0xF7AE1000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B51000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF2C7F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7C39000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF74AC000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF579B000 C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 16384 bytes (Logitech Inc., Logitech USB Video Class Filter Driver)
0xF705E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2C73000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C3D000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7C31000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C35000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF5365000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF74A8000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF1EA2000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF707A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6825000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF746B000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7DD3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D27000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D53000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DD1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D25000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D21000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DD5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D41000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DD7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D79000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D83000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D23000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7EE6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7EDA000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7EE3000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7F64000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EE4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DEA000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7DE9000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8735C1E8 unknown_irp_handler 3608 bytes
0x873CE1E8 unknown_irp_handler 3608 bytes
0x8735E1E8 unknown_irp_handler 3608 bytes
0x8711B1E8 unknown_irp_handler 3608 bytes
0x8705E778 unknown_irp_handler 2184 bytes
0x8708C7B8 unknown_irp_handler 2120 bytes
0x87110980 unknown_irp_handler 1664 bytes
0x86FB6980 unknown_irp_handler 1664 bytes
0x87088980 unknown_irp_handler 1664 bytes
0x86A44980 unknown_irp_handler 1664 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D914, Type: Inline - RelativeJump 0x804E4914-->804E4978 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9E0, Type: Inline - RelativeJump 0x804E49E0-->804E4A4A [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9F4, Type: Inline - RelativeJump 0x804E49F4-->804E49F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA1C, Type: Inline - RelativeJump 0x804E4A1C-->804E4A8E [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA54, Type: Inline - RelativeJump 0x804E4A54-->804E4A64 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA98, Type: Inline - RelativeCall 0x804E4A98-->AFD57950 [unknown_code_page]
ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B25 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB52, Type: Inline - RelativeJump 0x804E4B52-->804E4B4F [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B67 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DC08, Type: Inline - RelativeJump 0x804E4C08-->804E4C1E [ntoskrnl.exe]
[1748]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1748]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1748]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1748]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1748]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1748]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1748]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[4772]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[5916]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Wed Aug 11, 2010 6:21 pm

BUMP

Anything else I can do?

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Wed Aug 11, 2010 9:16 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    TDL::
    C:\WINDOWS\system32\drivers\sptd.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Thu Aug 12, 2010 1:45 am

ComboFix 10-08-11.04 - Francisco Lee 08/11/2010 21:31:13.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -4:00]
Running from: c:\documents and settings\Francisco Lee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Francisco Lee\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\dmio.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-06 21:35 . 2010-08-06 21:35 -------- d-----w- c:\program files\7-Zip
2010-07-31 01:26 . 2010-07-31 01:26 -------- d-----w- C:\found.004
2010-07-24 15:49 . 2010-07-24 15:49 54632 ----a-w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 15:35 . 2010-07-24 15:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 15:23 . 2010-07-24 15:23 -------- d-----w- C:\found.003
2010-07-23 14:10 . 2010-07-23 14:10 -------- d-----w- C:\found.002
2010-07-23 04:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-23 04:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-23 04:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-23 04:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\program files\Avira
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-22 18:09 . 2010-07-22 18:09 -------- d-----w- C:\found.001
2010-07-22 14:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 14:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 14:58 . 2010-07-22 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 00:45 . 2010-07-22 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-22 00:29 . 2010-07-22 00:29 -------- d-----w- C:\found.000
2010-07-20 23:16 . 2010-07-20 23:16 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\80549D4BAC8408491A18543EEB42DDBD
2010-07-16 21:20 . 2010-07-16 21:20 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity
2010-07-16 07:00 . 2010-07-16 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-07-15 05:39 . 2010-07-15 05:41 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\ooVoo Details
2010-07-15 05:29 . 2010-07-15 05:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-15 05:29 . 2010-08-12 00:06 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\skypePM
2010-07-15 05:24 . 2010-08-12 01:06 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Skype
2010-07-15 05:22 . 2010-07-15 05:22 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 05:22 . 2010-07-15 05:23 -------- d-----r- c:\program files\Skype
2010-07-15 05:21 . 2010-07-15 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Temp
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google
2010-07-15 04:50 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 04:50 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-15 04:49 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-15 04:49 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-15 04:48 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 04:48 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 04:30 . 2010-07-15 04:30 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-15 04:28 . 2007-02-03 14:32 1939360 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-15 04:28 . 2007-02-03 14:29 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-15 04:28 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-07-15 04:28 . 2007-02-03 14:32 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-15 04:28 . 2007-02-03 14:32 215840 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-15 04:28 . 2007-02-03 14:30 1507232 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-15 04:28 . 2007-02-03 13:01 13398 ----a-w- c:\windows\system32\Repository.reg
2010-07-15 04:28 . 2007-02-03 14:33 22560 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-15 04:28 . 2007-02-03 14:32 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-15 04:28 . 2007-02-03 14:29 129824 ----a-w- c:\windows\system32\lvci1051.dll
2010-07-15 04:26 . 2010-07-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-15 04:26 . 2010-07-15 04:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-15 04:21 . 2010-07-15 04:26 -------- d-----w- c:\program files\Logitech
2010-07-15 03:46 . 2010-07-15 03:46 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\LogiShrd
2010-07-15 03:45 . 2010-07-15 03:45 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Leadertech
2010-07-15 03:41 . 2010-07-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-15 03:23 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-15 03:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-15 03:23 . 2010-01-21 15:46 441168 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-07-14 11:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 01:05 . 2009-03-23 16:38 117760 ----a-w- c:\documents and settings\Francisco Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-12 01:00 . 2010-07-15 04:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-22 15:00 . 2009-03-07 03:22 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Malwarebytes
2010-07-22 00:44 . 2007-03-29 06:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 18:07 . 2010-03-09 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 18:06 . 2010-03-09 04:10 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 04:27 . 2006-06-05 19:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-14 14:31 . 2006-06-05 18:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-05-24 05:41 . 2010-05-24 05:41 503808 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcp71.dll
2010-05-24 05:41 . 2010-05-24 05:41 499712 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\jmc.dll
2010-05-24 05:41 . 2010-05-24 05:41 348160 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcr71.dll
2010-05-24 05:41 . 2010-05-24 05:41 61440 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-sse.dll
2010-05-24 05:41 . 2010-05-24 05:41 12800 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-d3d.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-12 3067904]
"nwiz"="nwiz.exe" [2004-03-12 753664]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Francisco Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 8:23 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 8:23 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 8:23 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100809.001\IDSXpx86.sys [8/11/2010 9:16 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 8:22 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 11:42 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2010 7:35 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/23/2010 12:55 AM 135336]
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/12/2010 9:01 PM 14424]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/30/2007 4:40 PM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\documents and settings\All Users\Start Menu\Programs\absoƖute Poker\absoƖute Poker.lnk
FF - ProfilePath - c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-11 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-11 21:43:22
ComboFix-quarantined-files.txt 2010-08-12 01:43
ComboFix2.txt 2010-08-01 00:04
ComboFix3.txt 2010-07-31 02:13

Pre-Run: 12,402,245,632 bytes free
Post-Run: 12,385,980,416 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AA3AA7D7C81DCFA5E20344A584F3578D

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Thu Aug 12, 2010 11:33 pm

Hmm. Okay then, how is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Fri Aug 13, 2010 2:11 am

seems to be running okay. how can i be sure?

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Fri Aug 13, 2010 9:57 pm

Still getting re-direct symptoms.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sat Aug 14, 2010 1:14 am

I don't think i've come across any redirect symptoms yet, but I just ran a full scan with my superantispyware. It found 2 files infected with Trojan.Agent/Gen-CDesc[Gen]. Then it quarantined and removed the files, but after that happened my Norton popped up and said I was still infected with the backdoor.tidserv.

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Sat Aug 14, 2010 3:27 pm

Hello.
Did SAS say where it found those 2 files? does Norton say where the problem is too?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Sun Aug 15, 2010 6:48 pm

SAS reported these files:

C:\SYSTEM VOLUME INFORMATION\_RESTORE{13C4ADED-8E9C-46C2-A3e7-DA24A6174591}\RP487\A0086903.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{13C4ADED-8E9C-46C2-A3e7-DA24A6174591}\RP488\A0087199.SYS

As for Norton, I can't find any log information of where the problem is.

Thanks!

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Mon Aug 16, 2010 12:53 am

Ah okay, nothing serious, just restore points.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Any difference now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Tue Aug 17, 2010 2:18 am

ran SAS again, no problems. however, when I try to open my mozilla browser, it takes forever to open. but when i unplug my ethernet cord, it opens right away. should i be concerned or is it just my computer?

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by Belahzur on Wed Aug 18, 2010 9:42 pm

I think it may just be your computer, try upgrading your RAM and closing unnecessary programs.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: HTTPS Tidserv Request 2

Post by vtflee on Fri Aug 20, 2010 12:03 pm

thank you!

vtflee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 61
Joined : 2008-11-27
OS : Windows XP Media Center

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum